Traffic policing is the process of
monitoring network traffic for compliance with a traffic policy and then enforcing that
policy.
Policing actions are applicable only to
data traffic.
When a Layer 2 control protocol is not
enabled on an interface, packets are dropped at ingress and are subject to ingress
policing.
If the configured CBS value is less than
2*(default MTU) value, then 2*(default MTU) is programmed as the committed burst
size (CBS) in the hardware. For example, you configure CBS at 2000 bytes and the
default MTU on an interface is 1548 bytes. When a policy map is applied on this
interface, the CBS programmed in the hardware is 2*MTU (3096 bytes). If you update
the MTU value, the CBS value is not updated.
When the CBS and excess burst size (EBS)
values are not configured, the values are derived from the committed information
rate (CIR) and excess information rate (EIR), respectively. The burst size
calculation is as follows:
Burst size (CBS or EBS) = (1.2 × information rate (CIR or EIR)) ÷ 8
You are responsible for configuring
configure rate limit threshold values on an interface based on interface speed. No
validation is performed for user-configured values against the interface speed.
Because CIR is a mandatory policing
attribute, you cannot delete the CIR parameter. However, you can delete the CIR
attribute by using the no
police command in policy-map-class sub-mode.
Packet drops caused by any action other
than the ACL are included in the policing counter.
Layer 3 control packets are policed at the
egress side.
When you attempt to bind the policer
with a configured CIR or EIR value that is less than 22,000 bps in the device, the
operational CIR or EIR value becomes zero and you receive a syslog notification on
the console.
Unknown-unicast storm control does not rate
limit the VLL or P2P traffic in the default TCAM profile.
When an ingress service policy is bound on a port channel that has multiple member
ports, then all port-channel member ports that belong to the same chip-core are
governed by the same policy. The configured rate is per chip-core. For example:
A service policy with a CIR or EIR value of 10 Gpbs is applied on port
channel 10. Port channel 10 has member ports 1/1 and 1/3 that belong to chip
1-core 0. So the total rate-limit value for the port channel is 10
Gpbs.
A service policy with a CIR or EIR value of 10 GPBS is applied on port
channel 10. Port channel ten has member ports 1/6 and 1/13 that belong to
chip 1-core 0, and chip 1-core 1. So the total rate-limit value of the port
channel is 2*10, or 20 Gpbs.
A service policy with a CIR or EIR value of 10 GPBS is applied on port
channel 10. Port channel ten has member ports 1/10 and 3/10 that belong to
chip 1-core x, and chip 3-core x. So the total rate-limit value of the port
channel is 2*10, or 20 Gpbs.