Policer Enhancement Multiple Actions

Feature History

Release

Modification

Cisco IOS XE Release 2.1

This feature was introduced on Cisco ASR 1000 Series Routers.

This document describes the Policer Enhancement Multiple Actions feature and includes the following sections:

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Feature Overview

This feature further extends the functionality of the Cisco IOS XE single-rate policer and the Two-Rate Policer feature. The Traffic Policing and Two-Rate Policer features are traffic policing mechanisms that allow you to control the maximum rate of traffic sent or received on an interface. Both of these traffic policing mechanisms mark packets as either conforming to, exceeding, or violating a specified rate. After a packet is marked, you can specify an action to be taken on the packet based on that marking.

With both the Traffic Policing feature and the Two-Rate Policer feature, you can specify only one conform action, one exceed action, and one violate action. Now with the new Policer Enhancement Multiple Actions feature, you can specify multiple conform, exceed, and violate actions for the marked packets.

You specify the multiple actions by using the action argument of the police command. The resulting actions are listed in the table below.

Table 1 police Command Action Arguments

Specified Action

Result

drop

Drops the packet.

set-clp-transmit

Sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and transmits the packet.

set-cos-transmit

Sets the Class of Service (CoS) value and transmits the packet.

set-discard-class-transmit

Sets the discard-class value and transmits the packet.

set-dscp-transmit new-dscp

Sets the IP differentiated services code point (DSCP) value and transmits the packet with the ATM CLP bit set to 1.

set-frde-transmit

Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1 on the Frame Relay frame and transmits the packet.

set-mpls-exp-transmit

Sets the Multiprotocol Label Switching (MPLS) experimental (EXP) bits from 0 to 7 and transmits the packet.

set-mpls-exp-imposition-transmit

Sets the MPLS EXP bits from 0 to 7 at tag imposition and transmits the packet.

set-prec-transmit new-prec

Sets the IP Precedence level and transmits the packet.

set-qos-transmit new-qos

Sets the Quality of Service (QoS) group value and transmits the packet.

transmit

Transmits the packet.

Benefits

Before this feature, you could specify only one marking action for a packet, in addition to transmitting the packet. This feature provides enhanced flexibility by allowing you to specify multiple marking actions for a packet, as required. For example, if you know the packet will be transmitted through both a TCP/IP and a Frame Relay environment, you can change the DSCP value of the exceeding or violating packet, and also set the Frame Relay Discard Eligibility (DE) bit from 0 to 1 to indicate lower priority.

Restrictions

The shape (percent) command, when used in "child" (nested) policy maps, is not supported on the Cisco 7500, the Cisco 7200, or lower series routers. Therefore, the shape (percent) command cannot be configured for use in nested policy maps on these routers.

Related Features and Technologies

  • Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC)

  • Class-Based Weighted Fair Queueing (CBWFQ)

  • Class-Based Packet Marking

  • Traffic Policing

  • Two-Rate Policing

Related Documents

  • "Applying QoS Features Using the MQC" module

  • "Configuring Weighted Fair Queueing" module

  • "Marking Network Traffic" module

  • "Policing and Shaping Overview" module

  • "Traffic Policing" module

  • "Two-Rate Policer" module

  • "Policer Enhancements-Multiple Actions" module

  • "Cisco Express Forwarding Overview" module

  • Cisco IOS Quality of Service Solutions Command Reference

  • Cisco IOS Switching Services Command Reference

  • RFC 2697, A Single Rate Three Color Marker

  • RFC 2698, A Two Rate Three Color Marker

Supported Standards MIBs and RFCs

Standards

None

MIBs

  • CISCO-CLASS-BASED-QOS-MIB

  • CISCO-CLASS-BASED-QOS-CAPABILITY-MIB

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http:/​/​tools.cisco.com/​ITDIT/​MIBS/​servlet/​index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http:/​/​www.cisco.com/​public/​sw-center/​netmgmt/​cmtk/​mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http:/​/​www.cisco.com/​register

RFCs

None

Prerequisites

  • On a Cisco 7500 series router, CEF or dCEF must be configured on the interface before you can use the Policer Enhancement -- Multiple Actions feature.

  • To configure the Policer Enhancement -- Multiple Actions feature, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface.

Configuration Tasks

Configuring Multiple Policer Actions

SUMMARY STEPS

    1.    Router(config)# policy-map policy-map-name

    2.    Router(config-pmap)# class class-default

    3.    Router(config-pmap-c)# police {cir cir}[bc conform-burst]{pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]


DETAILED STEPS
     Command or ActionPurpose
    Step 1 Router(config)# policy-map policy-map-name 

    Creates a policy map. Enters policy-map configuration mode.

     
    Step 2 Router(config-pmap)# class class-default 

    Specifies the default traffic class for a service policy. Enters policy-map class configuration mode.

     
    Step 3 Router(config-pmap-c)# police {cir cir}[bc conform-burst]{pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]] 

    Configures traffic policing and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate. Use one line per action that you want to specify. Enters policy-map class police configuration mode.

     

    Verifying the Multiple Policer Actions Configuration

    Command

    Purpose

    		 
    Router#
 show policy-map interface

    Displays statistics and configurations of all input and output policies attached to an interface.

    Troubleshooting Tips

    • Check the interface type. Verify that your interface is not listed as a nonsupported interface.

    • For input traffic policing on a Cisco 7500 series router, verify that Cisco Express Forwarding or Distributed Cisco Express Forwarding is configured on the interface on which traffic policing is configured.

    • For output traffic policing on a Cisco 7500 series router, ensure that the incoming traffic is Cisco Express Forwarding-switched or Distributed Cisco Express Forwarding-switched. Traffic policing cannot be used on the switching path unless Cisco Express Forwarding or Distributed Cisco Express Forwarding switching is enabled.

    Monitoring and Maintaining the Multiple Policer Actions

    Command

    Purpose

    		 
    Router# show policy-map

    Displays all configured policy maps.

    		 
    Router# show policy-map policy-map-name

    Displays the user-specified policy map.

    		 
    Router# show policy-map interface

    Displays statistics and configurations of all input and output policies that are attached to an interface.

    Configuration Examples

    Example Multiple Actions in a Two-Rate Policer

    In the following example, a policy map called police is configured to use a two-rate policer to police traffic leaving an interface. Two rates, a committed information rate (CIR) of 1 Mbps and a peak information rate (PIR) of 2 Mbps, have been specified. 

    Router(config)# policy-map police
Router(config-pmap)# class class-default
Router(config-pmap-c)# police cir 1000000 pir 2000000
 
Router(config-pmap-c-police)# conform-action transmit
Router(config-pmap-c-police)# exceed-action set-prec-transmit 4
Router(config-pmap-c-police)# exceed-action set-frde
Router(config-pmap-c-police)# violate-action set-prec-transmit 2
Router(config-pmap-c-police)# violate-action set-frde-transmit
 
Router(config-pmap-c-police)# end

    The following actions will be performed on packets associated with the policy map called police:

    • All packets marked as conforming to these rates (that is, packets conforming to the CIR) will be transmitted unaltered.

    • All packets marked as exceeding these rates (that is, packets exceeding the CIR but not exceeding the PIR) will be assigned an IP Precedence level of 4, the DE bit will be set to 1, and then transmitted.

    • All packets marked as violating the rate (that is, exceeding the PIR) will be assigned an IP Precedence level of 2, the DE bit will be set to 1, and then transmitted.

    Example Verifying the Multiple Policer Actions

    The following sample output of the show policy-mapcommand displays the configuration for a service policy called police. In this service policy, multiple actions for packets marked as exceeding the specified CIR rate have been configured. For those packets, the IP Precedence level is set to 4, the DE bit is set to 1, and the packet is transmitted. Multiple actions for packets marked as violating the specified PIR rate have also been configured. For those packets, the IP Precedence level is set to 2, the DE bit is set to 1, and the packet is transmitted.

    Router# show policy-map police
  Policy Map police
    Class class-default
     police cir 1000000 bc 31250 pir 2000000 be 31250
       conform-action transmit 
       exceed-action set-prec-transmit 4
       exceed-action set-frde-transmit 
       violate-action set-prec-transmit 2
       violate-action set-frde-transmit

    Feature Information for Policer Enhancement Multiple Actions

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
    Table 2 Feature Information for QoS for dVTI

    Feature Name

    Releases

    Feature Information

    Policer Enhancement Multiple Actions

    Cisco IOS XE Release 2.1

    Policer Enhancement Multiple Actions specifies multiple conform, exceed, and violate actions for marked packets.