police

Configures an enforcer for classified traffic

Supported in the following platforms:

  • Service Platforms — NX 7510, NX 95XX, NX 96XX

Syntax

police [flow|srtcm-color-aware|srtcm-color-blind|trtcm-color-aware|trtcm-color-blind]
police flow <0-1000000> <0-16000000> conform-action transmit violate-action [<0-63>|drop]
police [srtcm-color-aware|srtcm-color-blind] <0-1000000> <0-16000000> <0-16000000> conform-action transmit exceed-action [<0-63>|drop] violate-action [<0-63>|drop]
police [trtcm-color-aware|trtcm-color-blind] <0-1000000> <0-16000000> <0-1000000> <0-16000000> conform-action transmit exceed-action [<0-63>|drop] violate-action [<0-63>|drop]

Parameters

police flow <0-1000000> <0-16000000> conform-action transmit violate-action [<0-63>|drop]
police – Configures an enforcer for classified traffic
flow <0-1000000> <0-16000000> – Configures an enforcer for classified traffic based on the metered flow rate
  • <0-1000000> – Configures the CIR (committed information rate) from 0 - 1000000 kilobits per second.
  • <0-16000000> – Configures the BC (committed burst size) from 0 - 16000000 bytes.

Policing is based on a token bucket, where the bucket depth (i.e., the maximum burst before the bucket overflows) is specified by the committed-burst field, and the average rate at which tokens are added to the bucket is specified by the committed-rate option. The token bucket functions similarly to the one described in RFC 2697 and RFC 2698.

The behavior of the meter is specified in terms of one token bucket (C), the rate at which the tokens are incremented (CIR), and the maximum size of the token bucket (BC).

The token bucket C is initially full, that is, the token count Tc(0) = BC. Thereafter, the token count Tc is updated CIR times per second as follows:

conform-action transmit – Configures the action applied when packets fall within the specified CIR and BC limits
  • transmit – Transmits packets falling within the specified CIR and BC limits. This is subject to there being enough tokens to service the packet, in which case the packet is set green.
violate-action [<0-63>|drop] – Configures the action applied when packets violate the specified CIR and BC limits
  • <0-63> – Applies a new DSCP value. Select the DSCP value from 0 - 63.
  • drop – Drops packets violating the specified CIR and BC limits
police [srtcm-color-aware|srtcm-color-blind] <0-1000000> <0-16000000> <0-16000000> conform-action transmit exceed-action [<0-63>|drop] violate-action [<0-63>|drop]
police – Configures an enforcer for classified traffic
[srtcm-color-aware|srtcm-color-blind] <0-1000000> <0-16000000> <0-16000000> – Configures an enforcer for classified traffic based on single rate three color meter (srTCM) mode. The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to three traffic parameters – CIR, BC, and BE (Excess Burst Size).
  • srtcm-color-blind – Single rate three color meter in color-blind mode
  • srtcm-color-aware – Single rate three color meter in color-aware mode
The meter operates in one of two modes. In the color-blind mode, the meter assumes that the packet stream is uncolored. In color-aware mode the meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red. The marker (re)colors an IP packet according to the results of the meter. The color is coded in the DS field [RFC 2474] of the packet.
  • <0-1000000> – Configures the CIR from 0 - 1000000 kilobits per second.
  • <0-16000000> – Configures the BC from 0 - 16000000 bytes.
  • <0-16000000> – Configures the BE from 0 - 16000000 bytes.

The behavior of the meter is specified in terms of its mode and two token buckets, C and E, which both share the common rate CIR. The maximum size of the token bucket C is BC and the maximum size of the token bucket E is BE.

The token buckets C and E are initially full, that is, the token count Tc(0) = BC and the token count Te(0) = BE. Thereafter, the token counts Tc and Te are updated CIR times per second as follows:
  • If Tc is less than BC, Tc is incremented by one, else
  • If Te is less than BE, Te is incremented by one, else
  • neither Tc nor Te is incremented.
When a packet of size B bytes arrives at time t, the following happens if srTCM is configured to operate in color-blind mode:
  • If Tc(t)-B ≥ 0, the packet is green and Tc is decremented by B down to the minimum value of 0, else
  • if Te(t)-B ≥ 0, the packet is yellow and Te is decremented by B down to the minimum value of 0,
  • else the packet is red and neither Tc nor Te is decremented.
When a packet of size B bytes arrives at time t, the following happens if srTCM is configured to operate in color-aware mode:
  • If the packet has been pre-colored as green and Tc(t)-B ≥ 0, the packet is green and Tc is decremented by B down to the minimum value of 0, else
  • If the packet has been pre-colored as yellow or green and if Te(t)-B ≥ 0, the packet is yellow and Te is decremented by B down to the minimum value of 0,
  • else the packet is red and neither Tc nor Te is decremented.

The metering policy guarantees a deterministic behavior where the volume of green packets is never smaller than what has been determined by the CIR and BC, that is, tokens of a given color are always spent on packets of that color. Refer to RFC 2697 for more information on other aspects of srTCM.
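
The srTCM rules above, written out as a small Python simulation (an added example, not vendor code). It assumes 1 kilobit = 1000 bits and one token per byte, and replaces the per-tick increment with an equivalent continuous refill; the class and function names are illustrative.

```python
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"

@dataclass
class SrTCM:
    cir_kbps: int             # committed information rate, kilobits per second
    bc: int                   # committed burst size, bytes (depth of bucket C)
    be: int                   # excess burst size, bytes (depth of bucket E)
    color_aware: bool = False

    def __post_init__(self):
        # Both buckets start full: Tc(0) = BC, Te(0) = BE.
        self.tc, self.te, self.last = float(self.bc), float(self.be), 0.0

    def _refill(self, now):
        # Assumption: 1 kilobit = 1000 bits and one token = one byte.
        tokens = (now - self.last) * self.cir_kbps * 1000 / 8
        self.last = now
        to_c = min(tokens, self.bc - self.tc)             # C is topped up first
        self.tc += to_c
        self.te = min(self.be, self.te + tokens - to_c)   # the remainder goes to E

    def meter(self, now, size, pre_color=GREEN):
        self._refill(now)
        if not self.color_aware:
            pre_color = GREEN     # color-blind: the stream is treated as uncolored
        if pre_color == GREEN and self.tc - size >= 0:
            self.tc -= size
            return GREEN
        if pre_color in (GREEN, YELLOW) and self.te - size >= 0:
            self.te -= size
            return YELLOW
        return RED                # neither bucket is decremented

def meter_burst(meter, sizes, pre_colors=None, now=0.0):
    """Meter packets that all arrive at time `now`; returns their colors."""
    pre_colors = pre_colors or [GREEN] * len(sizes)
    return [meter.meter(now, s, c) for s, c in zip(sizes, pre_colors)]

if __name__ == "__main__":
    # Constructed input: five 1500-byte packets, CIR 1000 kbps, BC = BE = 3000 bytes.
    print(meter_burst(SrTCM(1000, 3000, 3000), [1500] * 5))
    marked = [YELLOW, GREEN, GREEN, GREEN, RED]
    print(meter_burst(SrTCM(1000, 3000, 3000, color_aware=True), [1500] * 5, marked))
```

In the color-aware run the first packet stays yellow although bucket C is full, because a packet pre-colored yellow never spends tokens from C.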

conform-action transmit – Configures the action applied when packet rates fall within the specified CIR and BC limits
  • transmit – Transmits packets falling within the specified CIR and BC limits
exceed-action [<0-63>|drop] – Configures the action applied when packet rates exceed the specified CIR and BC limits
  • <0-63> – Applies a new DSCP value. Select the DSCP value from 0 - 63
  • drop – Drops packets exceeding the specified CIR and BC limits
violate-action [<0-63>|drop] – Configures the action applied when packet rates exceed the specified BE limit
  • <0-63> – Applies a new DSCP value. Select the DSCP value from 0 - 63
  • drop – Drops packets exceeding the specified BE limit
police [trtcm-color-aware|trtcm-color-blind] <0-1000000> <0-16000000> <0-1000000> <0-16000000> conform-action transmit exceed-action [<0-63>|drop] violate-action [<0-63>|drop]
police – Configures an enforcer for classified traffic
[trtcm-color-aware|trtcm-color-blind] <0-1000000> <0-16000000> <0-1000000> <0-16000000> – Configures an enforcer for classified traffic based on a two rate three color meter (trTCM) mode. The trTCM as defined in RFC 2698 meters a traffic stream and processes its packets based on two rates – CIR and Peak Information Rate (PIR), and their associated burst sizes – BC and BP (Peak Burst Size).
  • trtcm-color-blind – Two rate three color meter in color-blind mode
  • trtcm-color-aware – Two rate three color meter in color-aware mode
  • <0-1000000> – Configures the CIR from 0 - 1000000 kilobits per second
  • <0-16000000> – Configures the BC from 0 - 16000000 bytes
  • <0-1000000> – Configures the PIR from 0 - 1000000 kilobits per second
  • <0-16000000> – Configures the BP from 0 - 16000000 bytes

The meter operates in one of two modes. In the color-blind mode, the meter assumes that the packet stream is uncolored. In color-aware mode the meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red. The marker (re)colors an IP packet according to the results of the meter. The color is coded in the DS field [RFC 2474] of the packet.

The behavior of the meter is specified in terms of its mode and two token buckets, P and C, which are based on the rates PIR and CIR, respectively. The maximum size of the token bucket P is BP and the maximum size of the token bucket C is BC.

The token buckets P and C are initially (at time 0) full, that is, the token count Tp(0) = BP and the token count Tc(0) = BC. Thereafter, the token count Tp is incremented by one PIR times per second up to BP and the token count Tc is incremented by one CIR times per second up to BC.

When a packet of size B bytes arrives at time t, the following happens if trTCM is configured to operate in color-blind mode:
  • If Tp(t)-B < 0, the packet is red, else
  • if Tc(t)-B < 0, the packet is yellow and Tp is decremented by B, else
  • The packet is green and both Tp and Tc are decremented by B.
When a packet of size B bytes arrives at time t, the following happens if trTCM is configured to operate in color-aware mode:
  • If the packet has been pre-colored as red or if Tp(t)-B < 0, the packet is red, else
  • if the packet has been pre-colored as yellow or if Tc(t)-B < 0, the packet is yellow and Tp is decremented by B, else
  • the packet is green and both Tp and Tc are decremented by B.

The trTCM can be used to mark an IP packet stream in a service, where different, decreasing levels of assurances (either absolute or relative) are given to packets which are green, yellow, or red. Refer to RFC 2698 for more information on other aspects of trTCM.

conform-action transmit – Configures the action applied when packet rates fall within the specified CIR and BP limits
  • transmit – Transmits packets falling within the specified CIR and BC limits
exceed-action [<0-63>|drop] – Configures the action applied when packet rates exceed the specified CIR limit, but are within the specified PIR limit
  • <0-63> – Applies a new DSCP value. Select the DSCP value from 0 - 63.
  • drop – Drops packets exceeding the specified CIR and BC limit
violate-action [<0-63>|drop] – Configures the action applied when packet rates exceed the specified PIR limit
  • <0-63> – Applies a new DSCP value. Select the DSCP value from 0 - 63.
  • drop – Drops packets exceeding the specified BE limit

Usage Guidelines

When configuring the traffic class enforcer parameters, consider the following factors:
  • You can configure up to 200 enforcers/policers (i.e., class maps) for ingress ports.
  • The committed-rate cannot exceed the configured interface speed, and the committed-burst cannot exceed 16 Mbytes.

Examples

The following example uses the police > trtcm-color-blind command to limit the average bandwidth to 100,000 Kbps, the committed burst rate to 4000 bytes, the peak information rate to 1,000,000 Kbps, the peak burst size to 6000, to remark any packets exceeding the committed burst size, and to drop any packets exceeding the peak information rate.

nx9500-6C8809(config-ex3500-qos-policy-map-testPolicyMap-pmap-class-dscp)#police trtcm-color-blind 100000 4000 100000 6000 conform-action transmit exceed-action 0 violate-action drop
nx9500-6C8809(config-ex3500-qos-policy-map-testPolicyMap-pmap-class-dscp)#show context
 class dscp
  police trtcm-color-blind 100000 4000 100000 6000 conform-action transmit exceed-action 0 violate-action drop
nx9500-6C8809(config-ex3500-qos-policy-map-testPolicyMap-pmap-class-dscp)#
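
How the trTCM color-blind and color-aware rules described earlier treat a burst under the values in the command above, as an added Python simulation (not vendor code). It assumes 1 kilobit = 1000 bits and one token per byte; the class, function and action-label names are illustrative.

```python
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"

@dataclass
class TrTCM:
    cir_kbps: int             # committed information rate, kilobits per second
    bc: int                   # committed burst size, bytes (depth of bucket C)
    pir_kbps: int             # peak information rate, kilobits per second
    bp: int                   # peak burst size, bytes (depth of bucket P)
    color_aware: bool = False

    def __post_init__(self):
        # Both buckets start full: Tp(0) = BP, Tc(0) = BC.
        self.tp, self.tc, self.last = float(self.bp), float(self.bc), 0.0

    def meter(self, now, size, pre_color=GREEN):
        # Assumption: 1 kilobit = 1000 bits and one token = one byte.
        dt, self.last = now - self.last, now
        self.tp = min(self.bp, self.tp + dt * self.pir_kbps * 1000 / 8)
        self.tc = min(self.bc, self.tc + dt * self.cir_kbps * 1000 / 8)
        if not self.color_aware:
            pre_color = GREEN     # color-blind: ignore any existing marking
        if pre_color == RED or self.tp - size < 0:
            return RED            # no bucket is decremented
        if pre_color == YELLOW or self.tc - size < 0:
            self.tp -= size
            return YELLOW
        self.tp -= size
        self.tc -= size
        return GREEN

# conform-action transmit exceed-action 0 violate-action drop
ACTIONS = {GREEN: "transmit", YELLOW: "remark dscp 0", RED: "drop"}

def police_burst(sizes, now=0.0):
    """Meter packets arriving together, using the values from the command above."""
    m = TrTCM(cir_kbps=100000, bc=4000, pir_kbps=100000, bp=6000)
    return [ACTIONS[m.meter(now, s)] for s in sizes]

if __name__ == "__main__":
    # Constructed input: five 1500-byte packets arriving at the same instant.
    print(police_burst([1500] * 5))
```

With these values the two buckets refill at the same rate, so the room for yellow packets comes only from the 2000-byte difference between the two burst sizes.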

Related Commands

no (ex3500-traffic-class-config-commands) – Removes the traffic enforcer settings