Cisco IOS Quality of Service Solutions Command Reference

non-tcp

To enable non-Transmission-Control-Protocol (non-TCP) header compression within an IP Header Compression (IPHC) profile, use the non-tcp command in IPHC-profile configuration mode. To disable non-TCP header compression within an IPHC profile, use the no form of this command.

non-tcp

no non-tcp

Syntax Description

This command has no arguments or keywords.

Command Default

Non-TCP header compression is enabled.

Command Modes

IPHC-profile configuration

Command History

Usage Guidelines

Intended for Use with IPHC Profiles

The non-tcp command is intended for use as part of an IPHC profile. An IPHC profile is used to enable and configure header compression on a network. For more information about using IPHC profiles to configure header compression, see the "Header Compression" module and the "Configuring Header Compression Using IPHC Profiles" module of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4T.

Examples

The following example shows how to configure an IPHC profile called profile2. In this example, non-TCP header compression is configured.

Router> enable

Router# configure terminal

Router(config)# iphc-profile profile2 ietf

Router(config-iphcp)# non-tcp

Router(config-iphcp)# end

Related Commands

non-tcp contexts

To set the number of contexts available for non-Transmission-Control-Protocol (TCP) header compression, use the non-tcp contexts command in IPHC-profile configuration mode. To remove the number of previously configured contexts, use the no form of this command.

non-tcp contexts {absolute number-of-connections | kbps-per-context kbps}

no non-tcp contexts

Syntax Description

Command Default

The non-tcp contexts command calculates the number of contexts on the basis of bandwidth and allocates 4 kbps per context.

Command Modes

IPHC-profile configuration

Command History

Usage Guidelines

Use the non-tcp contexts command to set the number of contexts available for non-TCP header compression. A context is the state that the compressor uses to compress a header and that the decompressor uses to decompress a header. The context is the uncompressed version of the last header sent and includes information used to compress and decompress the packet.

Intended for Use with IPHC Profiles

The non-tcp contexts command is intended for use as part of an IPHC profile. An IPHC profile is used to enable and configure header compression on your network. For more information about using IPHC profiles to configure header compression, see the "Header Compression" module and the "Configuring Header Compression Using IPHC Profiles" module of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4T.

Setting the Number of Contexts as an Absolute Number

The non-tcp contexts command allows you to set the number of contexts as an absolute number. To set the number of contexts as an absolute number, enter a number between 1 and 1000.

Calculating the Number of Contexts on the Basis of Bandwidth

The non-tcp contexts command can calculate the number of contexts on the basis of the bandwidth available on the network link to which the IPHC profile is applied.

To have the number of contexts calculated on the basis of the available bandwidth, enter the kbps-per-context keyword followed by a value for the kbps argument. The command divides the available bandwidth by the kbps specified. For example, if the bandwidth of the network link is 3000 kbps, and you enter 5 for the kbps argument, the command calculates 600 contexts.

Examples

The following is an example of an IPHC profile called profile2. In this example, the number of non-TCP contexts has been set to 75.

Router> enable

Router# configure terminal

Router(config)# iphc-profile profile2 ietf

Router(config-iphcp)# non-tcp contexts absolute 75

Router(config-iphcp)# end

Related Commands

oam-bundle

To enable end-to-end F5 Operation, Administration, and Maintenance (OAM) loopback cell generation and OAM management for all virtual circuit (VC) members of a bundle or a VC class that can be applied to a VC bundle, use the oam-bundle command in SVC-bundle configuration mode or VC-class configuration mode. To remove OAM management from the bundle or class configuration, use the no form of this command.

To enable end-to-end F5 OAM loopback cell generation and OAM management for all VC members of a bundle, use the oam-bundle command in bundle configuration mode. To remove OAM management from the bundle, use the no form of this command.

oam-bundle [manage] [frequency]

no oam-bundle [manage] [frequency]

Syntax Description

Command Default

End-to-end F5 OAM loopback cell generation and OAM management are disabled, but if OAM cells are received, they are looped back.

Command Modes

SVC-bundle configuration (for an SVC bundle)
VC-class configuration (for a VC class)
Bundle configuration (for an ATM VC bundle)

Command History

Usage Guidelines

This command defines whether a VC bundle is OAM managed. If this command is configured for a bundle, every VC member of the bundle is OAM managed. If OAM management is enabled, further control of OAM management is configured using the oam retry command.

This command has no effect if the VC class that contains the command is attached to a standalone VC; that is, if the VC is not a bundle member. In this case, the attributes are ignored by the VC.

To use this command in VC-class configuration mode, first enter the vc-class atm global configuration command.

To use this command in bundle configuration mode, first enter the bundle subinterface configuration command to create the bundle or to specify an existing bundle.

VCs in a VC bundle are subject to the following configuration inheritance rules (listed in order of next-highest precedence):

•VC configuration in bundle-VC mode

•Bundle configuration in bundle mode (with the effect of assigned VC-class configuration)

Examples

The following example enables OAM management for a bundle called "bundle 1":

bundle bundle1

 oam-bundle manage

Related Commands

platform ip features sequential

To enable Internet Protocol (IP) precedence-based or differentiated services code point (DSCP)-based egress quality of service (QoS) filtering to use any IP precedence or DSCP policing or marking changes made by ingress policy feature card (PFC) QoS, use the platform ip features sequential command in interface configuration mode. To return to the default settings, use the no form of this command.

platform ip features sequential [access-group {ip-acl-name | ip-acl-number}]

no platform ip features sequential [access-group {ip-acl-name | ip-acl-number}]

Syntax Description

Command Default

IP precedence-based or DSCP-based egress QoS filtering uses received IP precedence or DSCP values and does not use any IP precedence or DSCP changes made by ingress QoS as the result of policing or marking.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Caution If the switch is operating in PFC3A mode with egress ACL support for remarked DSCP configured, when the PFC3 processes traffic to apply ingress PFC QoS, it applies ingress PFC QoS filtering and ingress PFC QoS, and incorrectly applies any egress QoS filtering and egress PFC QoS configured on the ingress interface, which results in unexpected behavior if QoS filtering is configured on an interface where egress ACL support for remarked DSCP is enabled. This problem does not occur in other PFC3 modes.

The enhanced egress-QoS filtering enables the IP precedence-based or DSCP-based egress-QoS filtering to use any IP precedence or DSCP policing or marking changes made by ingress QoS.

The nonenhanced egress-QoS filtering behavior is the normal Cisco 7600 series router or the Catalyst 6500 series switch behavior when QoS is applied in the hardware.

The PFC3 provides egress PFC QoS only for Layer 3-switched and routed traffic on egress Layer 3 interfaces (either LAN ports configured as Layer 3 interfaces or VLAN interfaces).

You configure enhanced egress QoS filtering on ingress Layer 3 interfaces (either LAN ports configured as Layer 3 interfaces or VLAN interfaces).

To enable enhanced egress QoS filtering only for the traffic filtered by a specific standard, extended named, or extended numbered IP ACL, enter the IP ACL name or number.

If you do not enter an IP ACL name or number, enhanced egress QoS filtering is enabled for all IP ingress IP traffic on the interface.

Note When you configure enhanced egress-QoS filtering, the PFC3A processes traffic to apply ingress PFC QoS. The PFC3A applies ingress-QoS filtering and Cisco 7600 series router or the Catalyst 6500 series switch hardware ingress QoS. The PFC3A incorrectly applies any egress-QoS filtering and Cisco 7600 series router or the Catalyst 6500 series switch hardware egress QoS that is configured on the ingress interface.

Note If you configure enhanced egress-QoS filtering on an interface that uses Layer 2 features to match the IP precedence or DSCP as modified by ingress-QoS marking, the packets are redirected or dropped and prevented from being processed by egress QoS.

Note If you enable enhanced egress-QoS filtering, the hardware acceleration of NetFlow-based features such as reflexive ACL, NAT, and TCP intercept are disabled.

To verify configuration, use the show running-config interface command.

Examples

The following example shows how to enable enhanced egress-QoS filtering:

Router(config-if)# platform ip features sequential 

Router(config-if)# 

The following example shows how to disable enhanced egress-QoS filtering:

Router(config-if)# no platform ip features sequential 

Router(config-if)# 

Related Commands

platform qos marker-statistics

To display the number of packets that have modified headers and have been classified into a category for local router processing at a system-wide (platform) level, use the platform qos marker-statistics command in global configuration mode. To disable displaying the QoS: Packet Marking Statistics feature, use the no form of this command.

platform qos marker-statistics

no platform qos marker-statistics

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled (no packet marking statistics are displayed).

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Ensure no policy maps are associated with interfaces on the system. If there are, the system returns the following message:

Either a) A system RELOAD or

       b) Remove all service-policies, re-apply the change

            to the statistics, re-apply all service-policies

			is required before this command will be activated. 

Enabling the Qos: Packet Marking Statistics feature may increase CPU utilization on a scaled configuration. Before enabling the Qos: Packet Marking Statistics feature, weigh the benefits of the statistics information against the increased CPU utilization for your system.

Examples

The following example shows how to do the following:

•Enable the QoS: Packet Marking Statistics feature

•Configure an input service policy on an ingress interface

•Classify traffic to a configured class

•Configure marking in the class to set the IP precedence to 1

•Display the show policy-map interface command output

Router# platform qos marker-statistics

class-map test_class

    match access-group 101

  policy-map test_policy

    class test_class

       set ip precedence 1

Interface POS2/0/1

  service-policy input test_policy

Router# show policy-map interface

POS2/0/1 

  Service-policy input: test_policy

    Class-map: test_class (match-all) 

      6644560 packets, 757479840 bytes

      5 minute offered rate 8720000 bps, drop rate 0000 bps

      Match:  precedence 5 

      QoS Set

        precedence 1

          Packets marked 6644560

    Class-map: class-default (match-any) 

      18 packets, 1612 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: any 

Related Commands

platform qos match-statistics per-filter

To define a QoS packet filter at the system-wide (platform) level, then display the number of packets and bytes matching that filter, use the platform qos match-statistics per-filter command in global configuration mode. To stop filtering, use the no form of this command.

platform qos match-statistics per-filter

no platform qos match-statistics per-filter

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled (no packet matching statistics are displayed).

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Ensure no policy maps are associated with interfaces on the system. If there are, the system returns the following message:

Either a) A system RELOAD or

       b) Remove all service-policies, re-apply the change

            to the statistics, re-apply all service-policies

			is required before this command will be activated. 

Enabling the QoS: Packet Matching Statistics feature may increase CPU utilization on a scaled configuration. Before enabling QoS: Packet Matching Statistics, weigh the benefits of the statistics information against the increased CPU utilization for your system.

Ensure you have defined a filter using the class-map command with the match-any keyword.

Examples

The following example shows you how to use the this command:

Router> enable

Router# configure terminal

Router(config)# platform qos match-statistics per-filter

Router# end

Related Commands

platform vfi dot1q-transparency

To enable 802.1Q transparency mode, use the platform vfi dot1q-transparency command in global configuration mode. To disable 802.1Q transparency, use the no form of this command.

platform vfi dot1q-transparency

no platform vfi dot1q-transparency

Syntax Description

This command has no arguments or keywords.

Command Default

802.1Q transparency mode is disabled.

Command Modes

Global configuration

Command History

Usage Guidelines

This command is supported on Optical Services Modules (OSMs) only.

802.1Q transparency allows a service provider to modify the Multiprotcol Label Switching Experimental bits (MPLS EXP) bits for core-based QoS policies while leaving any Virtual Private LAN Service (VPLS) customer 802.1p bits unchanged.

With releases before Cisco IOS Release 12.2(18)SXF1, application of a service policy to a VLAN interface that matches all and sets the MPLS EXP bits had an effect on both the Interior Gateway Protocol (IGP) label and the VC label. Because the 802.1p bits were rewritten on the egress Provider Edge (PE) based on the received Virtual Circuit (VC) MPLS EXP bits, the VPLS customer's 802.1p bits were changed.

The Dot1q Transparency for EoMPLS feature causes the VLAN-applied policy to affect only the IGP label (for core QoS) and leaves the VC label EXP bits equal to the 802.1p bits. On the egress PE, the 802.1p bits are still rewritten based on the received VC EXP bits; however, because the EXP bits now match the ingress 802.1p bits, a VPLS customer's 802.1p bits do not change.

Global configuration applies to all virtual forwarding instance (VFI) and switched virtual interface (SVI) EoMPLS VCs configured on the Cisco 7600 series routers.

To ensure interoperability, apply the Dot1q Transparency for EoMPLS feature to all participating PE routers.

Examples

This example shows how to enable 802.1Q transparency:

platform vfi dot1q-transparency

This example shows how to disable 802.1Q transparency:

no platform vfi dot1q-transparency

Related Commands

plim qos input

To attach an ingress classification template to an interface of POS, channelized, and clear-channel SPAs use the plim qos input class-map {class-map index} command in interface configuration mode. To assign excess weight value to low priority packets on an interface for a clear-channel SPA, use the plim qos input weight {weight-value} command. Use the no form of the command to remove the ingress classification template assignment for the specified index. Use the no plim qos input weight command to remove the excess scheduling of low priority packets from the interface.

plim qos input {class-map {class-map index} | weight {weight-value}}

no plim qos input {class-map {class-map index} | weight}

Syntax Description

Defaults

SIP0 uses templates 1 to 62, SIP1 uses templates 63 to 124, and so on.

Command Modes

Main interface configuration

Command History

Usage Guidelines

The classification template-specific details are defined in the template, and the template is attached to an interface using the plim qos input class-map class-map index command. The classification template can be deleted using the no form of the command. The plim qos input class-map class-map index command is applicable to POS SPA, channelized SPA, and clear-channel SPA.

The plim qos input weight weight-value command is used to assign sharing of excess bandwidth for low priority packets. The plim qos input weight weight-value command is used to assign weight to an interface, and depending on the relative weight assigned to other interfaces, bandwidth is shared among the interfaces. The excess bandwidth is allocated after the high priority packets are processed.

Note The plim qos input weight weight-value command is applicable to only clear-channel SPAs.

Note The option to configure minimum bandwidth for `strict-priority' queue at port-level (interface-level) is deprecated as it is not applicable to the current mode of operation. Existing configuration will be rejected with an error.

Examples

The following example shows how to attach a classification template to an interface using the plim qos input class-map class-map index command:

Router# config

Router(config)# interface POS 0/2/0

Router(config-if)# plim qos input class-map 2

The following example shows how to assign a weight of 50 to an interface to enable sharing of excess bandwidth among low priority packets using the plim qos input weight 50 command:

Router# config

Router(config)# interface POS 0/2/0

Router(config-if)# plim qos input weight 50

Related Commands

plim qos input map cos (Classify CoS Values for VLAN)

To classify ingress traffic on Ethernet shared port adapters (SPAs) based on the Class of Service (CoS) value or CoS range of either the inner or the outer VLAN tag of a QinQ subinterface as either high priority (low latency) or low priority (queue 0), use the plim qos input map cos command in Dot1Q or QinQ subinterface configuration mode. To disable the CoS-based classification, use the no form of this command.

Command to Classify the CoS Values for an Inner VLAN as High Priority or Low Priority

plim qos input map cos {enable | inner-based | inner {cos-value | cos-range} queue {strict-priority | 0}}

no plim qos input map cos enable

Command to Classify the CoS Values for an Outer VLAN as High Priority or Low Priority

plim qos input map cos {enable | outer-based | outer {cos-value | cos-range} queue {strict-priority | 0}}

no plim qos input map cos enable

Syntax Description

Command Default

A CoS value of 6 or 7 of an outer VLAN is classified as high priority.

Command Modes

Dot1Q or QinQ subinterface configuration mode (config-subif)

Command History

Usage Guidelines

Command to Configure CoS-based Classification for an Inner VLAN

To classify ingress traffic based on inner VLAN CoS values, you must first enable the inner VLAN CoS-based classification using the plim qos input map cos inner-based command.

Command to Configure CoS-based Classification for an Outer VLAN

To classify ingress traffic based on outer VLAN CoS values, you must first enable the outer VLAN CoS-based classification using the plim qos input map cos outer-based command.

To disable the CoS-based classification at the subinterface level and enable the Layer 3 information-based classification at the main interface level, use the no plim qos input map cos enable command in Dot1Q or QinQ subinterface configuration mode. On configuring the no plim qos input map cos enable command, a message indicating that the main interface-level classification configuration will be applicable is displayed.

Note The plim qos input map cos command is supported only on Ethernet SPAs. The plim qos input map cos command is executed from VLAN subinterface configuration mode under a QinQ subinterface.

Examples

The following example shows how to classify a CoS value of 3 of an inner VLAN as high priority:

Router# configure terminal

Router(config)# interface gigabitethernet 0/0/0.1

Router(config-subif)# plim qos input map cos inner-based

Router(config-subif)# plim qos input map cos inner 3 queue strict-priority

The following example shows how to classify a CoS value of 3 of an outer VLAN as high priority:

Router# configure terminal

Router(config)# interface gigabitethernet 0/0/0.1

Router(config-subif)# plim qos input map cos outer-based

Router(config-subif)# plim qos input map cos outer 3 queue strict-priority

The following example shows how to enable the IEEE 802.1Q CoS-based classification in QinQ subinterface configuration mode:

Router# configure terminal

Router(config)# interface gigabitethernet 0/0/0.2

Router(config-subif)# encapsulation dot1q 2 second-dot1q 100

Router(config-subif)# plim qos input map cos enable

The following example shows how to disable IEEE 802.1Q CoS-based classification in QinQ subinterface configuration mode. A message is displayed indicating that the main interface-level classification configuration will be applicable.

Router# configure terminal

Router(config)# interface gigabitethernet 0/0/0.2

Router(config-subif)# encapsulation dot1q 2 second-dot1q 100

Router(config-subif)# no plim qos input map cos enable

%Classification will now be based on Main interface configuration.

The following example shows how to enable IEEE 802.1Q CoS-based classification in Dot1Q subinterface configuration mode:

Router# configure terminal

Router(config)# interface gigabitethernet 0/0/0.1

Router(config-subif)# encapsulation dot1Q 1 native

Router(config-subif)# plim qos input map cos enable 

The following example shows how to disable IEEE 802.1Q CoS-based classification in Dot1Q subinterface configuration mode. A message is displayed indicating that the main interface-level classification configuration will be applicable.

Router# configure terminal

Router(config)# interface gigabitethernet 0/0/0.1

Router(config-subif)# encapsulation dot1Q 1 native

Router(config-subif)# no plim qos input map cos enable

%Classification will now be based on Main interface configuration.

Related Commands

police

To configure traffic policing, use the police command in policy-map class configuration mode or policy-map class police configuration mode. To remove traffic policing from the configuration, use the no form of this command.

police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action  action]

no police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action action]

Syntax Description

Command Default

Traffic policing is not configured.

Command Modes

Policy-map class configuration (config-pmap-c) when specifying a single action to be applied to a marked packet

Policy-map class police configuration (config-pmap-c-police) when specifying multiple actions to be applied to a marked packet

Command History

Usage Guidelines

Use the police command to mark a packet with different quality of service (QoS) values based on conformance to the service-level agreement.

Traffic policing will not be executed for traffic that passes through an interface.

Specifying Multiple Actions

The police command allows you to specify multiple policing actions. When specifying multiple policing actions when configuring the police command, note the following points:

•You can specify a maximum of four actions at one time.

•You cannot specify contradictory actions such as conform-action transmit and conform-action drop.

Using the Police Command with the Traffic Policing Feature

The police command can be used with the Traffic Policing feature. The Traffic Policing feature works with a token bucket algorithm. Two types of token bucket algorithms are in Cisco IOS Release 12.1(5)T: a single-token bucket algorithm and a two-token bucket algorithm. A single-token bucket system is used when the violate-action option is not specified, and a two-token bucket system is used when the violate-action option is specified.

The token bucket algorithm for the police command that was introduced in Cisco IOS Release 12.0(5)XE is different from the token bucket algorithm for the police command that was introduced in Cisco IOS Release 12.1(5)T. For information on the token bucket algorithm introduced in Release 12.0(5)XE, see the Traffic Policing document for Release 12.0(5)XE. This document is available on the New Features for 12.0(5)XE documentation index (under Modular QoS CLI-related feature modules) at www.cisco.com.

The following are explanations of how the token bucket algorithms introduced in Cisco IOS Release 12.1(5)T work.

Token Bucket Algorithm with One Token Bucket

The one-token bucket algorithm is used when the violate-action option is not specified in the police command CLI.

The conform bucket is initially set to the full size (the full size is the number of bytes specified as the normal burst size).

When a packet of a given size (for example, "B" bytes) arrives at specific time (time "T"), the following actions occur:

•Tokens are updated in the conform bucket. If the previous arrival of the packet was at T1 and the current time is T, the bucket is updated with (T - T1) worth of bits based on the token arrival rate. The token arrival rate is calculated as follows:

(time between packets (which is equal to T - T1) * policer rate)/8 bytes

•If the number of bytes in conform bucket B is greater than or equal to the packet size, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is completed for the packet.

•If the number of bytes in conform bucket B (minus the packet size to be limited) is fewer than 0, the exceed action is taken.

Token Bucket Algorithm with Two Token Buckets

The two-token bucket algorithm is used when the violate-action option is specified in the police command.

The conform bucket is initially full (the full size is the number of bytes specified as the normal burst size).

The exceed bucket is initially full (the full exceed bucket size is the number of bytes specified in the maximum burst size).

The tokens for both the conform and exceed token buckets are updated based on the token arrival rate, or committed information rate (CIR).

When a packet of given size (for example, "B" bytes) arrives at specific time (time "T") the following actions occur:

•Tokens are updated in the conform bucket. If the previous arrival of the packet was at T1 and the current arrival of the packet is at T, the bucket is updated with T -T1 worth of bits based on the token arrival rate. The refill tokens are placed in the conform bucket. If the tokens overflow the conform bucket, the overflow tokens are placed in the exceed bucket.

The token arrival rate is calculated as follows:

(time between packets (which is equal to T-T1) * policer rate)/8 bytes

•If the number of bytes in conform bucket B is greater than or equal to the packet size, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is taken. The exceed bucket is unaffected in this scenario.

•If the number of bytes in conform bucket B is less than the packet size, the excess token bucket is checked for bytes by the packet. If the number of bytes in exceed bucket B is greater than or equal to 0, the exceed action is taken and B bytes are removed from the exceed token bucket. No bytes are removed from the conform bucket.

•If the number of bytes in exceed bucket B is less than the packet size, the packet violates the rate and the violate action is taken. The action is complete for the packet.

Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router

The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to support marking of the inner CoS value as a policing action when using MPB features on the Enhanced FlexWAN module and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on the Cisco 7600 series router.

This command is not supported on the Cisco 7600 SIP-600.

For more information about QoS and the forms of police commands supported by the SIPs on the Cisco 7600 series router, see the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.

Examples

Token Bucket Algorithm with One Token Bucket: Example

The following example shows how to define a traffic class (using the class-map command) and associate the match criteria from the traffic class with the traffic policing configuration, which is configured in the service policy (using the policy-map command). The service-policy command is then used to attach this service policy to the interface.

In this particular example, traffic policing is configured with the average rate at 8000 bits per second and the normal burst size at 1000 bytes for all packets leaving Fast Ethernet interface 0/0:

Router(config)# class-map access-match

Router(config-cmap)# match access-group 1

Router(config-cmap)# exit

Router(config)# policy-map police-setting

Router(config-pmap)# class access-match

Router(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)# interface fastethernet 0/0

Router(config-if)# service-policy output police-setting

In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet conforms because enough bytes are available in the conform token bucket. The conform action (send) is taken by the packet and 450 bytes are removed from the conform token bucket (leaving 550 bytes).

If the next packet arrives 0.25 seconds later, 250 bytes are added to the token bucket ((0.25 * 8000)/8), leaving 800 bytes in the token bucket. If the next packet is 900 bytes, the packet exceeds and the exceed action (drop) is taken. No bytes are taken from the token bucket.

Token Bucket Algorithm with Two Token Buckets: Example

In this example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 1000 bytes, and the excess burst size at 1000 bytes for all packets leaving Fast Ethernet interface 0/0.

Router(config)# class-map access-match

Router(config-cmap)# match access-group 1

Router(config-cmap)# exit

Router(config)# policy-map police-setting

Router(config-pmap)# class access-match

Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action 
set-qos-transmit 1 violate-action drop

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)# interface fastethernet 0/0

Router(config-if)# service-policy output police-setting

In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet conforms because enough bytes are available in the conform token bucket. The conform action (send) is taken by the packet, and 450 bytes are removed from the conform token bucket (leaving 550 bytes).

If the next packet arrives 0.25 seconds later, 250 bytes are added to the conform token bucket
((0.25 * 8000)/8), leaving 800 bytes in the conform token bucket. If the next packet is 900 bytes, the packet does not conform because only 800 bytes are available in the conform token bucket.

The exceed token bucket, which starts full at 1000 bytes (as specified by the excess burst size), is then checked for available bytes. Because enough bytes are available in the exceed token bucket, the exceed action (set the QoS transmit value of 1) is taken and 900 bytes are taken from the exceed bucket (leaving 100 bytes in the exceed token bucket).

If the next packet arrives 0.40 seconds later, 400 bytes are added to the token buckets ((.40 * 8000)/8). Therefore, the conform token bucket now has 1000 bytes (the maximum number of tokens available in the conform bucket) and 200 bytes overflow the conform token bucket (because only 200 bytes were needed to fill the conform token bucket to capacity). These overflow bytes are placed in the exceed token bucket, giving the exceed token bucket 300 bytes.

If the arriving packet is 1000 bytes, the packet conforms because enough bytes are available in the conform token bucket. The conform action (transmit) is taken by the packet, and 1000 bytes are removed from the conform token bucket (leaving 0 bytes).

If the next packet arrives 0.20 seconds later, 200 bytes are added to the token bucket ((.20 * 8000)/8). Therefore, the conform bucket now has 200 bytes. If the arriving packet is 400 bytes, the packet does not conform because only 200 bytes are available in the conform bucket. Similarly, the packet does not exceed because only 300 bytes are available in the exceed bucket. Therefore, the packet violates and the violate action (drop) is taken.

Conforming to the MPLS EXP Value: Example

The following example shows that if packets conform to the rate limit, the MPLS EXP field is set to 5. If packets exceed the rate limit, the MPLS EXP field is set to 3.

Router(config)# policy-map input-IP-dscp

Router(config-pmap)# class dscp24

Router(config-pmap-c)# police 8000 1500 1000 conform-action 
set-mpls-experimental-imposition-transmit 5 exceed-action 
set-mpls-experimental-imposition-transmit 3

Router(config-pmap-c)# violate-action drop

Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router: Example

The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN) 100 into a class named "vlan-inner-100" and establishes a traffic shaping policy for the vlan-inner-100 class. The service policy limits traffic to an average rate of 500 kbps, with a normal burst of 1000 bytes and a maximum burst of 1500 bytes, and sets the inner CoS value to 3. Since setting of the inner CoS value is supported only with bridging features, the configuration also shows the service policy being applied as an output policy for an ATM SPA interface permanent virtual circuit (PVC) that bridges traffic into VLAN 100 using the bridge-domain command.

Router(config)# class-map match-all vlan-inner-100

Router(config-cmap)# match vlan inner 100

Router(config-cmap)# exit

Router(config)# policy-map vlan-inner-100

Router(config-pmap)# class vlan-inner-100

Router(config-pmap-c)# police 500000 1000 1500 conform-action set-cos-inner-transmit 3

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)# interface atm3/0/0

Router(config-if)# pvc 100/100

Router(config-if-atm-vc)# bridge-domain 100 dot1q

Router(config-if-atm-vc)# service-policy output vlan-inner-100

Router(config-if-atm-vc)# end

Related Commands

police (EtherSwitch)

To define a policer for classified traffic, use the police command in policy-map class configuration mode. To remove an existing policer, use the no form of this command.

police {bps | cir bps} [burst-byte | bc burst-byte] conform-action transmit [exceed-action {drop | dscp dscp-value}]

no police {bps | cir bps} [burst-byte | bc burst-byte] conform-action transmit [exceed-action {drop | dscp dscp-value}]

Syntax Description

Command Default

No policers are defined.

Command Modes

Policy-map class configuration

Command History

Usage Guidelines

You can configure up to six policers on ingress Fast Ethernet ports.

You can configure up to 60 policers on ingress Gigabit-capable Ethernet ports.

Policers cannot be configured on egress Fast Ethernet and Gigabit-capable Ethernet ports.

To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.

Use the show policy-map command to verify your settings.

Examples

The following example shows how to configure a policer that sets the DSCP value to 46 if traffic does not exceed a 1-Mbps average rate with a burst size of 65536 bytes and drops packets if traffic exceeds these conditions:

Router(config)# policy-map policy1

Router(config-pmap)# class class1

Router(config-pmap-c)# set ip dscp 46

Router(config-pmap-c)# police 1000000 65536 conform-action transmit exceed-action drop

Router(config-pmap-c)# end

Related Commands

police (percent)

To configure traffic policing on the basis of a percentage of bandwidth available on an interface, use the police command in policy-map class configuration mode. To remove traffic policing from the configuration, use the no form of this command.

Supported Platforms Except the Cisco 10000 Series Router

police cir percent percentage [burst-in-msec] [bc conform-burst-in-msec ms] [be peak-burst-in-msec ms] [pir percent percentage] [conform-action action [exceed-action action [violate-action action]]]

no police cir percent percentage [burst-in-msec] [bc conform-burst-in-msec ms] [be peak-burst-in-msec ms] [pir percent percentage] [conform-action action [exceed-action action [violate-action action]]]

Cisco 10000 Series Router

police cir percent percent [burst-in-msec] [bc conform-burst-in-msec ms] [pir percent] [be peak-burst-in-msec ms] [conform-action action] [exceed-action action]
[violate-action action]

no police cir percent percent [burst-in-msec] [bc conform-burst-in-msec ms] [pir percent] [be peak-burst-in-msec ms] [conform-action action] [exceed-action action]
[violate-action action]

Syntax Description

Command Default

All Supported Platforms

The default bc and be values are 4 ms.

Cisco 10000 Series Routers

The default action for conform-action is transmit.

The default action for exceed-action and violate-action is drop.

Command Modes

Policy-map class configuration (config-pmap-c)

Command History

Usage Guidelines

This command calculates the cir and pir on the basis of a percentage of the maximum amount of bandwidth available on the interface. When a policy map is attached to the interface, the equivalent cir and pir values in bits per second (bps) are calculated on the basis of the interface bandwidth and the percent value entered with this command. The show policy-map interface command can then be used to verify the bps rate calculated.

The calculated cir and pir bps rates must be in the range of 8000 and 2000000000 bps. If the rates are outside this range, the associated policy map cannot be attached to the interface. If the interface bandwidth changes (for example, more is added), the bps values of the cir and the pir are recalculated on the basis of the revised amount of bandwidth. If the cir and pir percentages are changed after the policy map is attached to the interface, the bps values of the cir and pir are recalculated.

Conform Burst and Peak Burst Sizes in Milliseconds

This command also allows you to specify the values for the conform burst size and the peak burst size in milliseconds. If you want bandwidth to be calculated as a percentage, the conform burst size and the peak burst size must be specified in milliseconds (ms).

Hierarchical Policy Maps

Policy maps can be configured in two-level (nested) hierarchies; a top (or "parent") level and a secondary (or "child") level. The police (percent) command can be configured for use in either a parent or child policy map.

Bandwidth and Hierarchical Policy Maps

The police (percent) command uses the maximum rate of bandwidth available as the reference point for calculating the bandwidth percentage. When the police (percent) command is configured in a child policy map, the police (percent) command uses the bandwidth amount specified in the next higher-level policy (in this case, the parent policy map). If the parent policy map does not specify the maximum bandwidth rate available, the police (percent) command uses the maximum bandwidth rate available on the next higher level (in this case, the physical interface, the highest point in the hierarchy) as the reference point. The police (percent) command always looks to the next higher level for the bandwidth reference point. The following sample configuration illustrates this point:

Policymap parent_policy

 class parent

  shape average 512000

  service-policy child_policy

Policymap child_policy

 class normal_type

  police cir percent 30

In this sample configuration, there are two hierarchical policies: one called parent_policy and one called child_policy. In the policy map called child_policy, the police command has been configured in the class called normal_type. In this class, the percentage specified by for the police (percent) command is 30 percent. The command will use 512 kbps, the peak rate, as the bandwidth reference point for class parent in the parent_policy. The police (percent) command will use 512 kbps as the basis for calculating the cir rate (512 kbps * 30 percent).

interface serial 4/0

 service-policy output parent_policy

Policymap parent_policy

 class parent

  bandwidth 512

  service-policy child_policy

In the above example, there is one policy map called parent_policy. In this policy map, a peak rate has not been specified. The bandwidth command has been used, but this command does not represent the maximum rate of bandwidth available. Therefore, the police (percent) command will look to the next higher level (in this case serial interface 4/0) to get the bandwidth reference point. Assuming the bandwidth of serial interface 4/0 is 1.5 Mbps, the police (percent) command will use 1.5 Mbps as the basis for calculating the cir rate (1500000 * 30 percent).

How Bandwidth Is Calculated

The police (percent) command is often used in conjunction with the bandwidth and priority commands. The bandwidth and priority commands can be used to calculate the total amount of bandwidth available on an entity (for example, a physical interface). When the bandwidth and priority commands calculate the total amount of bandwidth available on an entity, the following guidelines are invoked:

•If the entity is a physical interface, the total bandwidth is the bandwidth on the physical interface.

•If the entity is a shaped ATM permanent virtual circuit (PVC), the total bandwidth is calculated as follows:

–For a variable bit rate (VBR) virtual circuit (VC), the sustained cell rate (SCR) is used in the calculation.

–For an available bit rate (ABR) VC, the minimum cell rate (MCR) is used in the calculation.

For more information on bandwidth allocation, refer to the "Congestion Management Overview" chapter in the Cisoc Ios Quality of Service Solutions Configuration Guide.

Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router

The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to support marking of the inner CoS value as a policing action when using MPB features on the Enhanced FlexWAN module, and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on the Cisco 7600 series router.

This command is not supported on the Cisco 7600 SIP-600.

For more information about QoS and the forms of police commands supported by the SIPs on the Cisco 7600 series router, refer to the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.

Examples

The following example shows how to configure traffic policing using a CIR and a PIR on the basis of a percentage of bandwidth. In this example, a CIR of 20 percent and a PIR of 40 percent have been specified. Additionally, an optional bc value and be value (300 ms and 400 ms, respectively) have been specified.

Router> enable

Router# configure terminal

Router(config)# policy-map policy1

Router(config-pmap)# class class1

Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40 

Router(config-pmap-c-police)# exit 

After the policy map and class maps are configured, the policy map is attached to an interface as shown in the following example:

Router> enable

Router# configure terminal

Router(config)# interface serial4/0 

Router(config-if)# service-policy input policy1

Router(config-if)# exit

Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router

The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN) 100 into a class named vlan-inner-100 and establishes a traffic shaping policy for the vlan-inner-100 class. The service policy limits traffic to a CIR of 20 percent and a PIR of 40 percent, with a conform burst (bc) of 300 ms, and peak burst (be) of 400 ms, and sets the inner CoS value to 3. Because setting of the inner CoS value is only supported with bridging features, the configuration also shows the service policy being applied as an output policy for an ATM shared port adapter (SPA) interface permanent virtual circuit (PVC) that bridges traffic into VLAN 100 using the bridge-domain command.

Router(config)# class-map match-all vlan-inner-100

Router(config-cmap)# match vlan inner 100

Router(config-cmap)# exit

Router(config)# policy-map vlan-inner-100

Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40 
conform-action set-cos-inner-transmit 3

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)# interface atm3/0/0

Router(config-if)# pvc 100/100

Router(config-if-atm-vc)# bridge-domain 100 dot1q

Router(config-if-atm-vc)# service-policy output vlan-inner-100

Router(config-if)# end

Cisco 10000 Series Router

The following example shows how to configure the police (percent) command for a priority service. In the example, the priority class named Voice is configured in the policy map named New-Traffic. The router allocates 25 percent of the committed rate to Voice traffic and allows committed bursts of 4 ms and excess bursts of 1 ms. The router transmits Voice traffic that conforms to the committed rate, sets the QoS transmit value to 4 for Voice traffic that exceeds the burst sizes, and drops Voice traffic that violates the committed rate.

Router(config)# policy-map New-Traffic

Router(config-pmap)# class Voice

Router(config-pmap-c)# priority

Router(config-pmap-c)# queue-limit 32

Router(config-pmap-c)# police percent 25 4 ms 1 ms conform-action transmit exceed-action 
set-qos-transmit 4 violate-action drop

Related Commands

police (policy map)

To create a per-interface policer and configure the policy-map class to use it, use the police command in policy-map class configuration mode. To delete the per-interface policer from the policy-map class, use the no form of this command.

police

police bps [[bc] normal-burst-bytes [maximum-burst-bytes | [be] [burst-bytes]]] [pir bps [be burst-bytes]] [conform-action action [exceed-action action [violate-action action]]]

no police bps

police aggregate

police aggregate name

no police aggregate name

police cir

police cir bps [[bc] normal-burst-bytes [maximum-burst-bytes | [be] [burst-bytes]]] [pir bps [be burst-bytes]] [conform-action action [exceed-action action [violate-action action]]]

no police cir bps

police cir percent

police cir percent percent [burst ms [be] [burst ms]] [pir percent percent [be burst ms]] [conform-action action [exceed-action action [violate-action action]]]

no police cir percent

police flow

police flow bps [normal-burst-bytes] [conform-action action [exceed-action action]]

police flow mask {dest-only | full-flow | src-only} bps [normal-burst-bytes] [conform-action action [exceed-action action]]

no police flow

Syntax Description

Command Default

No policing is performed.

Command Modes

Policy-map class configuration (config-pmap-c)

Command History

Usage Guidelines

In Cisco IOS Release 12.2(17d)SXB3, valid values for the bps argument for the FlexWAN interfaces only are from 8,000 to 4,000,000,000 bps.

Use the mls qos aggregate-policer name command to create a named aggregate policer.

You can create two types of aggregate policers: named and per-interface. Both types can be attached to more than one port as follows:

•You create named aggregate policers using the mls qos aggregate-policer command. If you attach a named aggregate policer to multiple ingress ports, it polices the matched traffic from all the ingress ports to which it is attached.

•You define per-interface aggregate policers in a policy-map class using the police command. If you attach a per-interface aggregate policer to multiple ingress ports, it polices the matched traffic on each ingress port separately.

Use the no police aggregate name command to clear the use of the named aggregate policer.

Enter the police flow command to define a microflow policer (you cannot apply microflow policing to ARP traffic).

Enter the police command to define per-interface (not named) aggregate policers.

If the traffic is both aggregate and microflow policed, the aggregate and the microflow policers must both be in the same policy-map class and each must use the same conform-action and exceed-action keywords.

Values for the action Argument

The valid values for the action argument are as follows:

•drop—Drops packets that do not exceed the rate set for the bps argument.

•set-clp-transmit—Sets and sends the ATM cell loss priority (CLP).

•set-cos-inner-transmit {new-cos}—Marks the matched traffic with a new inner class of service (CoS) value of the new-cos argument. Valid values of the new-cos argument are from 0 to 7.

•set-cos-transmit {new-cos}—Marks the matched traffic with a new CoS value of the new-cos argument. Valid values of the new-cos argument are from 0 to 7.

•set-cos-transmit—Sets and sends the ATM cell loss priority (CLP).

•set-dscp-transmit {dscp-bit-pattern | dscp-value | default | ef}—Marks the matched traffic with a new DSCP value:

–dscp-bit-pattern—Specifies a DSCP bit pattern. Valid values are listed in Table 20.

–dscp-value—Specifies a DSCP value. Valid values are from 0 to 63.

–default—Matches packets with the default DSCP value (000000).

–ef—Matches packets with the Expedited Forwarding (EF) per-hop behavior (PHB) DSCP value (101110).

•set-frde-transmit—Sets and sends the Frame Relay discard eligible (FR DE) bit. This is valid for the exceed-action action keyword and argument combination.

•set-mpls-exp-imposition-transmit new-mpls-exp—Rewrites the Multiprotocol Label Switching (MPLS) experimental (exp) bits on imposed label entries and transmits the bits. The new-mpls-exp argument specifies the value used to set the MPLS EXP bits that are defined by the policy map. Valid values for the new-mpls-exp argument are from 0 to 7.

•set-mpls-exp-topmost-transmit—Sets experimental bits on the topmost label and sends the packet.

Note The set-mpls-exp-topmost-transmit keyword is not supported in some releases of the Catalyst 6500 series switch or the Cisco 7600 series router.

•set-prec-transmit new-precedence [exceed-action]—Marks the matched traffic with a new IP-precedence value and transmits it. Valid values for the new-precedence argument are from 0 to 7. You can also follow this action with the exceed-action keyword.

•set-qos-transmit—Rewrites qos-group and sends the packet.

•transmit—Transmits the packets that do not exceed the rate set for the bps argument. The optional keyword and argument combination for the transmit keyword is exceed-action action.

If the following keywords are not specified, the default actions are as follows:

•conform-action is transmit.

•exceed-action is drop.

•violate-action is drop.

Cisco 10000 Series Router

In releases earlier than Cisco IOS Release 12.2(31)SB, if you modify the police rate parameters, but not the action parameters, the action parameters revert to the default actions.

For example, the following sample configuration shows the police command configured in the policy map named test. The police actions are set to set-clp-transmit for conforming, exceeding, and violating traffic. The police rate parameters are then changed to 500000, 250, and 200, respectively, but no actions are modified. When you display the test policy map again, you can see that the police actions default to transmit, drop, and drop, respectively.

Router# show policy-map test

Policy Map test

Class prec1

police 248000 100 10 conform-action set-clp-transmit exceed-action 
set-clp-transmit violate-action set-clp-transmit

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# policy-map test

Router(config-pmap)# class prec1

Router(config-pmap-c)# police 500000 250 200

Router(config-pmap-c)# end

Router# show policy-map test

Policy Map test

Class prec1

police 500000 250 200 conform-action transmit exceed-action drop violate-action 
drop

Cisco IOS Release 12.2(33)SB and later releases support dual police actions and a police submode; therefore, if you use the police command to modify only the rate parameters, the police actions do not default to the default actions and the previous actions are preserved.

For example, the following sample configuration shows the police command configured under the traffic class named prec1 in the policy map named test. The police rate is specified and the police actions are then specified in police submodes. After you change only the police rate parameters, the police actions do not default, but rather they retain their original settings.

Router# show policy-map test

Policy Map test

Class prec1

police 248000 1000 100 

conform-action set-clp-transmit 

exceed-action set-clp-transmit 

violate-action set-clp-transmit

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# policy-map test

Router(config-pmap)# class prec1

Router(config-pmap-c)# police 500000 100 200

Router(config-pmap-c)# end

Router# show policy-map test

Policy Map test

Class prec1

police 500000 100 200 

conform-action set-clp-transmit 

exceed-action set-clp-transmit 

violate-action set-clp-transmit

Examples

This example shows how to specify a previously defined aggregate-policer name and configure the policy-map class to use the specified aggregate policer:

Router(config-pmap-c)# police aggregate agg1

This example shows how to create a policy map named police-setting that uses the class map access-match, which is configured to trust received IP-precedence values and is configured with a maximum-capacity aggregate policer and a microflow policer:

Router# configure terminal 

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# policy-map police-setting

Router(config-pmap)# class access-match

Router(config-pmap-c)# trust ip-precedence

Router(config-pmap-c)# police 1000000000 200000 conform-action set-prec-transmit 6 
exceed-action policed-dscp-transmit

Router(config-pmap-c)# police flow 10000000 10000 conform-action set-prec-transmit 6 
exceed-action policed-dscp-transmit

Router(config-pmap-c)# exit

Related Commands

police (two rates)

To configure traffic policing using two rates, the committed information rate (CIR) and the peak information rate (PIR), use the police command in policy-map class configuration mode. To remove two-rate traffic policing from the configuration, use the no form of this command.

police cir cir [bc conform-burst] [pir pir] [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

no police cir

Syntax Description

Command Default

Traffic policing using two rates is disabled.

Command Modes

Policy-map class configuration (config-pmap-c)

Command History

Usage Guidelines

Configuring Priority with an Explicit Policing Rate

When you configure a priority class with an explicit policing rate, traffic is limited to the policer rate regardless of congestion conditions. In other words, even if bandwith is available, the priority traffic cannot exceed the rate specified with the explicit policer.

Token Buckets

Two-rate traffic policing uses two token buckets—Tc and Tp—for policing traffic at two independent rates. Note the following points about the two token buckets:

•The Tc token bucket is updated at the CIR value each time a packet arrives at the two-rate policer. The Tc token bucket can contain up to the confirm burst (Bc) value.

•The Tp token bucket is updated at the PIR value each time a packet arrives at the two-rate policer. The Tp token bucket can contain up to the peak burst (Be) value.

Updating Token Buckets

The following scenario illustrates how the token buckets are updated:

A packet of B bytes arrives at time t. The last packet arrived at time t1. The CIR and the PIR token buckets at time t are represented by Tc(t) and Tp(t), respectively. Using these values and in this scenario, the token buckets are updated as follows:

Tc(t) = min(CIR * (t-t1) + Tc(t1), Bc)

Tp(t) = min(PIR * (t-t1) + Tp(t1), Be)

Marking Traffic

The two-rate policer marks packets as either conforming, exceeding, or violating a specified rate. The following points (using a packet of B bytes) illustrate how a packet is marked:

•If B > Tp(t), the packet is marked as violating the specified rate.

•If B > Tc(t), the packet is marked as exceeding the specified rate, and the Tp(t) token bucket is updated as Tp(t) = Tp(t) - B.

Otherwise, the packet is marked as conforming to the specified rate, and both token buckets—Tc(t) and Tp(t)—are updated as follows:

Tp(t) = Tp(t) - B

Tc(t) = Tc(t) - B

For example, if the CIR is 100 kbps, the PIR is 200 kbps, and a data stream with a rate of 250 kbps arrives at the two-rate policer, the packet would be marked as follows:

•100 kbps would be marked as conforming to the rate.

•100 kbps would be marked as exceeding the rate.

•50 kbps would be marked as violating the rate.

Marking Packets and Assigning Actions Flowchart

The flowchart in Figure 4 illustrates how the two-rate policer marks packets and assigns a corresponding action (that is, violate, exceed, or conform) to the packet.

Figure 4 Marking Packets and Assigning Actions with the Two-Rate Policer

Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router

The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to support marking of the inner CoS value as a policing action when using MPB features on the Enhanced FlexWAN module, and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on the Cisco 7600 series router.

This command is not supported on the Cisco 7600 SIP-600.

For more information about QoS and the forms of police commands supported by the SIPs on the Cisco 7600 series router, see the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.

Examples

Setting Priority with an Explicit Policing Rate

In the following example, priority traffic is limited to a committed rate of 1000 kbps regardless of congestion conditions in the network:

Router(config)# policy-map p1

Router(config-pmap)# class c1

Router(config-pmap-c)# police cir 1000000 conform-action transmit exceed-action drop

Two-Rate Policing

In the following example, two-rate traffic policing is configured on a class to limit traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps:

Router(config)# class-map police

Router(config-cmap)# match access-group 101

Router(config-cmap)# policy-map policy1

Router(config-pmap)# class police

Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)# interface serial3/0

Router(config-if)# service-policy output policy1

Router(config-if)# end

Router# show policy-map policy1

 Policy Map policy1

  Class police

   police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent. All traffic marked as exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.

In the following example, 1.25 Mbps of traffic is sent ("offered") to a policer class:

Router# show policy-map interface serial3/0

 Serial3/0

  Service-policy output: policy1

   Class-map: police (match all)

    148803 packets, 36605538 bytes

    30 second offered rate 1249000 bps, drop rate 249000 bps

    Match: access-group 101

    police:

     cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000

     conformed 59538 packets, 14646348 bytes; action: transmit

     exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2

     violated 29731 packets, 7313826 bytes; action: drop

     conformed 499000 bps, exceed 500000 bps violate 249000 bps

   Class-map: class-default (match-any)

    19 packets, 1990 bytes

    30 seconds offered rate 0 bps, drop rate 0 bps

    Match: any

The two-rate policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and 250 kbps of traffic as violating the specified rate. Packets marked as conforming to the rate will be sent as is, and packets marked as exceeding the rate will be marked with IP Precedence 2 and then sent. Packets marked as violating the rate are dropped.

Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router: Example

The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN) 100 into a class named "vlan-inner-100," and establishes a traffic shaping policy for the vlan-inner-100 class. The service policy limits traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps and sets the inner CoS value to 3. Since setting of the inner CoS value is only supported with bridging features, the configuration also shows the service policy being applied as an output policy for an ATM SPA interface permanent virtual circuit (PVC) that bridges traffic into VLAN 100 using the bridge-domain command.

Router(config)# class-map match-all vlan-inner-100

Router(config-cmap)# match vlan inner 100

Router(config-cmap)# exit

Router(config)# policy-map vlan-inner-100

Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action 
set-cos-inner-transmit 3

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)# interface atm3/0/0

Router(config-if)# pvc 100/100

Router(config-if-atm-vc)# bridge-domain 100 dot1q

Router(config-if-atm-vc)# service-policy output vlan-inner-100

Router(config-if-atm-vc)# end

Related Commands

police rate (control-plane)

To configure traffic policing for traffic that is destined for the control plane, use the police rate command in QoS policy-map class configuration mode. To remove traffic policing from the configuration, use the no form of this command.

police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst peak-burst-in-packets packets] [conform-action action]

no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst peak-burst-in-packets packets] [conform-action action]

Syntax for Packets per Seconds (pps)

police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst peak-burst-in-packets packets]

no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [pack-burst peak-burst-in-packets packets]

Syntax for Bytes per Seconds (bps)

police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [peak-burst peak-burst-in-bytes bytes]

no police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [peak-burst peak-burst-in-bytes bytes]

Syntax for Percent

police rate percent percentage [burst ms ms] [peak-rate percent percentage] [peak-burst ms ms]

no police rate percent percentage [burst ms ms] [peak-rate percent percentage] [peak-burst ms ms]

Syntax for Cisco 10000 Series Router

police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst peak-burst-in-packets packets] [conform-action action [exceed-action action] [violate-action action]

no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst peak-burst-in-packets packets] [conform-action action] [exceed-action action] [violate-action action]

Syntax Description

Command Default

Disabled

Command Modes

QoS policy-map class configuration

Command History

Usage Guidelines

Use the police rate command to limit traffic that is destined for the control plane on the basis of packets per second (pps), bytes per seconds (bps), or a percentage of interface bandwidth.

If the police rate command is issued, but the a rate is not specified, traffic that is destined for the control plane will be policed on the basis of bps.

Table 21 lists the actions you can specify for the action argument.

Examples

The following example shows how to configure the action to take on packets that conform to the police rate limit:

Router(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet 

Router(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet 

Router(config)# access-list 140 permit tcp any any eq telnet 

Router(config)# class-map match-any pps-1 

Router(config-cmap)# match access-group 140 

Router(config-cmap)# exit 

Router(config)# policy-map copp-pps 

Router(config-pmap)# class pps-1 

Router(config-pmap)# police rate 10000 pps burst 100 packets peak-rate 10100 pps 
peak-burst 150 packets conform-action transmit 

Router(config-cmap)# exit 

Router(config)# control-plane 

Router(config-cp)# service-policy input copp-pps 

Router(config-cp)# exit 

Related Commands

police rate pdp

To configure Packet Data Protocol (PDP) traffic policing using the police rate, use the police rate pdp command in policy-map class configuration mode or policy-map class police configuration mode. To remove PDP traffic policing from the configuration, use the no form of this command.

police rate pdp [burst bytes] [peak-rate pdp [peak-burst bytes]] conform-action action exceed-action action [violate-action action]

no police rate pdp [burst bytes] [peak-rate pdp [peak-burst bytes]] conform-action action exceed-action action [violate-action action]

Syntax Description

Command Default

PDP traffic policing is disabled.

Command Modes

Policy-map class configuration
Policy-map class police configuration

Command History

Usage Guidelines

The police rate pdp command is included with the Flow-Based QoS for GGSN feature available with Cisco IOS Release 12.4(9)T.

The Flow-Based QoS for GGSN feature is designed specifically for the Gateway General Packet Radio Service (GPRS) Support Node (GGSN).

Per-PDP Policing

The Flow-Based QoS for GGSN feature includes per-PDP policing (session-based policing).

Per-PDP policing is a gateway GPRS support node traffic conditioner (3G TS 23.107) function that can be used to limit the maximum rate of traffic received on the Gi interface for a particular PDP context.

The policing function enforces the call admission control (CAC)-negotiated data rates for a PDP context. The GGSN can be configured to either drop nonconforming traffic or mark nonconforming traffic for preferential dropping if congestion should occur.

The policing parameters used depend on the PDP context, such as the following:

•For GTPv1 PDPs with R99 quality of service (QoS) profiles, the maximum bit rate (MBR) and guaranteed bit rate (GBR) parameters from the CAC-negotiated QoS profile are used. For nonreal time traffic, only the MBR parameter is used.

•For GTPv1 PDPs with R98 QoS profiles and GTPv0 PDPs, the peak throughput parameter from the CAC-negotiated QoS policy is used.

Before configuring per-PDP policing, note the following points:

•Universal Mobile Telecommunications System (UMTS) QoS mapping must be enabled on the GGSN.

•Cisco Express Forwarding (CEF) must be enabled on the Gi interface.

•Per-PDP policing is supported for downlink traffic at the Gi interface only.

•The initial packets of a PDP context are not policed.

•Hierarchical policing is not supported.

•If flow-based policing is configured in a policy map that is attached to an Access Point Network (APN), the show policy-map apn command displays the total number of packets received before policing and does not display the policing counters.

Note To clear policing counters displayed by the show policy-map apn command, use the clear gprs access-point statistics access-point-index command.

•A service policy that has been applied to an APN cannot be modified. To modify a service policy, remove the service policy from the APN, modify it, and then reapply the service policy.

•Multiple class maps, each with match flow pdp configured and a different differentiated services code point (DSCP) value specified, are supported in a policy map only if the DSCP is trusted (the gprs umts-qos dscp unmodified global configuration command has not been configured on the GGSN).

For More Information

For more information about the GGSN, along with the instructions for configuring the Flow-Based QoS for GGSN feature, see the Cisco GGSN Release 6.0 Configuration Guide, Cisco IOS Release 12.4(2)XB.

Note To configure the Flow-Based QoS for GGSN feature, follow the instructions in the section called "Configuring Per-PDP Policing."

For more information about the show policy-map apn command, the gprs umts-qos dscp unmodified command, the clear gprs access-point statistics command, and other GGSN-specific commands, see theCisco GGSN Release 6.0 Command Reference, Cisco IOS Release 12.4(2)XB.

Examples

The following is an example of a per-PDP policing policy map applied to an APN:

class-map match-all class-pdp

 match flow pdp

!

! Configures a policy map and attaches this class map to it.

policy-map policy-gprs

 class class-pdp

  police rate pdp

    conform-action set-dscp-transmit 15

    exceed-action set-dscp-transmit 15

    violate-action drop

! Attaches the policy map to the APN.

gprs access-point-list gprs

  access-point 1

   access-point-name static

   service-policy input policy-gprs

Related Commands

policy-map

To enter policy-map configuration mode and create or modify a policy map that can be attached to one or more interfaces to specify a service policy, use the policy-map command in global configuration mode. To delete a policy map, use the no form of this command.

Supported Platforms Other Than Cisco 10000 and Cisco 7600 Series Routers

policy-map [type {stack | access-control | port-filter | queue-threshold | logging log-policy}] policy-map-name

no policy-map [type {stack | access-control | port-filter | queue-threshold | logging log-policy}] policy-map-name

Cisco 10000 Series Router

policy-map [type {control | service}] policy-map-name

no policy-map [type {control | service}] policy-map-name

Cisco 7600 Series Router

policy-map [type {class-routing ipv4 unicast unicast-name | control control-name | service service-name}] policy-map-name

no policy-map [type {class-routing ipv4 unicast unicast-name | control control-name | service service-name}] policy-map-name

Syntax Description

Command Default

The policy map is not configured.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Use the policy-map command to specify the name of the policy map to be created, added, or modified before you configure policies for classes whose match criteria are defined in a class map. The policy-map command enters policy-map configuration mode, in which you can configure or modify the class policies for a policy map.

You can configure class policies in a policy map only if the classes have match criteria defined for them. Use the class-map and match commands to configure match criteria for a class. Because you can configure a maximum of 64 class maps, a policy map cannot contain more than 64 class policies, except as noted for quality of service (QoS) class maps on Cisco 7600 series routers.

Note For QoS class maps on Cisco 7600 series routers, the limits are 1024 class maps and 256 classes in a policy map.

A policy map containing ATM set cell loss priority (CLP) bit QoS cannot be attached to PPP over X (PPPoX) sessions. The policy map is accepted only if you do not specify the set atm-clp command.

A single policy map can be attached to more than one interface concurrently. Except as noted, when you attempt to attach a policy map to an interface, the attempt is denied if the available bandwidth on the interface cannot accommodate the total bandwidth requested by class policies that make up the policy map. In such cases, if the policy map is already attached to other interfaces, the map is removed from those interfaces.

Note This limitation does not apply on Cisco 7600 series routers that have session initiation protocol (SIP)-400 access-facing line cards.

Whenever you modify a class policy in an attached policy map, the class-based weighted fair queueing (CBWFQ) is notified and the new classes are installed as part of the policy map in the CBWFQ system.

Note Policy-map installation via subscriber-profile is not supported. If you configure an unsupported policy map and there are a large number of sessions, an equally large number of messages print on the console. For example, if there are 32,000 sessions, then 32,000 messages print on the console at 9,600 baud.

Class Queues (Cisco 10000 Series Routers Only)

The Performance Routing Engine (PRE)2 allows you to configure 31 class queues in a policy map.

In a policy map, the PRE3 allows you to configure one priority level 1 queue, one priority level 2 queue, 12 class queues, and one default queue.

Control Policies (Cisco 10000 Series Routers Only)

Control policies define the actions that your system will take in response to the specified events and conditions.

A control policy is made of one or more control policy rules. A control policy rule is an association of a control class and one or more actions. The control class defines the conditions that must be met before the actions are executed.

There are three steps involved in defining a control policy:

1. Using the class-map type control command, create one or more control class maps.

2. Using the policy-map type control command, create a control policy map.

A control policy map contains one or more control policy rules. A control policy rule associates a control class map with one or more actions. Actions are numbered and executed sequentially.

3. Using the service-policy type control command, apply the control policy map to a context.

Service Policies (Cisco 10000 Series Routers Only)

Service policy maps and service profiles contain a collection of traffic policies and other functions. Traffic policies determine which function is applied to which session traffic. A service policy map or service profile may also contain a network-forwarding policy, which is a specific type of traffic policy that determines how session data packets will be forwarded to the network.

Policy Map Restrictions (Catalyst 6500 Series Switches Only)

Cisco IOS Release 12.2(18)ZY includes software intended for use on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine. This release and platform has the following restrictions for using policy maps and match commands:

•You cannot modify an existing policy map if the policy map is attached to an interface. To modify the policy map, remove the policy map from the interface by using the no form of the service-policy command.

•Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) on the basis of a protocol type or application. You can create as many traffic classes as needed. However, the following restrictions apply:

–A single traffic class can be configured to match a maximum of 8 protocols or applications.

–Multiple traffic classes can be configured to match a cumulative maximum of 95 protocols or applications.

Examples

The following example shows how to create a policy map called "policy1" and configure two class policies included in that policy map. The class policy called "class1" specifies a policy for traffic that matches access control list (ACL) 136. The second class is the default class to which packets that do not satisfy the configured match criteria are directed.

! The following commands create class-map class1 and define its match criteria:

class-map class1

 match access-group 136

! The following commands create the policy map, which is defined to contain policy

! specification for class1 and the default class:

policy-map policy1

class class1

 bandwidth 2000

 queue-limit 40

class class-default

 fair-queue 16

 queue-limit 20

The following example show how to create a policy map called "policy9" and configure three class policies to belong to that map. Of these classes, two specify the policy for classes with class maps that specify match criteria based on either a numbered ACL or an interface name, and one specifies a policy for the default class called "class-default" to which packets that do not satisfy the configured match criteria are directed.

policy-map policy9

class acl136

 bandwidth 2000

 queue-limit 40

class ethernet101

 bandwidth 3000

 random-detect exponential-weighting-constant 10

class class-default

 fair-queue 10

 queue-limit 20

The following is an example of a modular QoS command-line interface (MQC) policy map configured to initiate the QoS service at the start of a session.

Router> enable

Router# configure terminal

Router(config)# policy-map type control TEST

Router(config-control-policymap)# class type control always event session-start

Router(config-control-policymap-class-control)# 1 service-policy type service name 
QoS_Service

Router(config-control-policymap-class-control)# end

Examples for Cisco 10000 Series Routers Only

The following example shows the configuration of a control policy map named "rule4". Control policy map rule4 contains one policy rule, which is the association of the control class named "class3" with the action to authorize subscribers using the network access server (NAS) port ID. The service-policy type control command is used to apply the control policy map globally.

class-map type control match-all class3

 match access-type pppoe

 match domain cisco.com

 available nas-port-id

!

policy-map type control rule4

 class type control class3

  authorize nas-port-id

!

service-policy type control rule4

The following example shows the configuration of a service policy map named "redirect-profile":

policy-map type service redirect-profile

 class type traffic CLASS-ALL

  redirect to group redirect-sg 

Related Commands

policy-map copp-peruser

To create a policy map that defines a Control Plane Policing and Protection (CoPP) per-user policy, use the policy-map copp-peruser command in global configuration mode. To disable, use the no form of the command.

policy-map copp-peruser

no policy-map copp-peruser

Syntax Description

This command has no keywords or arguments.

Command Default

No policy map is configured.

Command Modes

Global configuration

Command History

Usage Guidelines

Use this command to create a CoPP per-user policy map when configuring CoPP.

Examples

The following example creates a CoPP per-user policy map:

Router(config)# policy-map copp-peruser

Router(config-pmap)# class arp-peruser

Router(config-pmap-c)# police rate 5 pps burst 50 packets

Router(config-pmap-c)# class dhcp-peruser

Router(config-pmap-c)# police rate 10 pps burst 100 packets

Related Commands

precedence

To configure precedence levels for a virtual circuit (VC) class that can be assigned to a VC bundle and thus applied to all VC members of that bundle, use the precedence command in vc-class configuration mode. To remove the precedence levels from the VC class, use the no form of this command.

To configure the precedence levels for a VC or permanent virtual circuit (PVC) member of a bundle, use the precedence command in bundle-vc configuration mode for ATM VC bundle members, or in switched virtual circuit (SVC)-bundle-member configuration mode for an ATM SVC. To remove the precedence levels from the VC or PVC, use the no form of this command.

precedence [other | range]

no precedence

Syntax Description

Command Default

Defaults to other—that is, any precedence levels in the range from 0 to 7 that are not explicitly configured.

Command Modes

VC-class configuration (for a VC class)
Bundle-vc configuration (for ATM VC bundle members)
SVC-bundle-member configuration (for an ATM SVC)

Command History

Usage Guidelines

Assignment of precedence levels to VC or PVC bundle members allows you to create differentiated service because you can distribute the IP precedence levels over the various VC/PVC bundle members. You can map a single precedence level or a range of levels to each discrete VC/PVC in the bundle, thereby enabling VCs/PVCs in the bundle to carry packets marked with different precedence levels. Alternatively, you can use the precedence other command to indicate that a VC/PVC can carry traffic marked with precedence levels not specifically configured for other VCs/PVCs. Only one VC/PVC in the bundle can be configured using the precedence other command. This VC/PVC is considered the default one.

To use this command in vc-class configuration mode, first enter the vc-class atm command in global configuration mode. The precedence command has no effect if the VC class that contains the command is attached to a standalone VC; that is, if the VC is not a bundle member.

To use the precedence command to configure an individual bundle member in bundle-VC configuration mode, first enter the bundle command to enact bundle configuration mode for the bundle to which you want to add or modify the VC member to be configured. Then use the pvc-bundle command to specify the VC to be created or modified and enter bundle-VC configuration mode.

VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of next-highest precedence):

•VC configuration in bundle-vc mode

•Bundle configuration in bundle mode (with effect of assigned vc-class configuration)

•Subinterface configuration in subinterface mode

Examples

The following example configures a class called "control-class" that includes a precedence command that, when applied to a bundle, configures all VC members of that bundle to carry IP precedence level 7 traffic. Note, however, that VC members of that bundle can be individually configured with the precedence command at the bundle-vc level, which would supervene.

vc-class atm control-class

 precedence 7

The following example configures PVC 401 (with the name of "control-class") to carry traffic with IP precedence levels in the range of 4-2, overriding the precedence level mapping set for the VC through vc-class configuration:

pvc-bundle control-class 401

 precedence 4-2

Related Commands

precedence (WRED group)

To configure a Weighted Random Early Detection (WRED) or VIP-distributed WRED (DWRED) group for a particular IP Precedence, use the precedence command in random-detect-group configuration mode. To return the values for each IP Precedence for the group to the default values, use the no form of this command.

precedence precedence min-threshold max-threshold mark-probability-denominator

no precedence precedence min-threshold max-threshold mark-probability-denominator

Syntax Description

Command Default

For all IP Precedences, the mark-probability-denominator argument is 10, and the max-threshold argument is based on the output buffering capacity and the transmission speed for the interface.

The default min-threshold argument depends on the IP Precedence. The min-threshold argument for IP Precedence 0 corresponds to half of the max-threshold argument. The values for the remaining IP Precedences fall between half the max-threshold argument and the max-threshold argument at evenly spaced intervals. See Table 22 in the "Usage Guidelines" section for a list of the default minimum value for each IP Precedence.

Command Modes

Random-detect-group configuration

Command History

Usage Guidelines

WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when congestion exists. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead of the Route Switch Processor (RSP).

If used, this command is issued after the random-detect-group command.

When you configure the random-detect group command on an interface, packets are given preferential treatment based on the IP Precedence of the packet. Use the precedence command to adjust the treatment for different IP Precedences.

If you want WRED or DWRED to ignore the IP Precedence when determining which packets to drop, enter this command with the same parameters for each IP Precedence. Remember to use reasonable values for the minimum and maximum thresholds.

Note The default WRED or DWRED parameter values are based on the best available data. We recommend that you do not change the parameters from their default values unless you have determined that your applications would benefit from the changed values.

Table 22 lists the default minimum value for each IP Precedence.

Examples

The following example specifies parameters for the WRED parameter group called sanjose for the different IP Precedences:

random-detect-group sanjose

 precedence 0 32 256 100

 precedence 1 64 256 100

 precedence 2 96 256 100

 precedence 3 128 256 100

 precedence 4 160 256 100

 precedence 5 192 256 100

 precedence 6 224 256 100

 precedence 7 256 256 100

Related Commands

preempt-priority

To specify the Resource Reservation Protocol (RSVP) quality of service (QoS) priorities to be inserted into PATH and RESV messages if they were not signaled from an upstream or downstream neighbor or local client application, use the preempt-priority command in local policy configuration mode. To delete the priorities, use the no form of this command.

preempt-priority [traffic-eng x] setup-priority [hold-priority]

no preempt-priority [traffic-eng x] setup-priority [hold-priority]

Syntax Description

Command Default

No RSVP QoS priorities are specified until you configure them.

Command Modes

Local policy configuration

Command History

Usage Guidelines

Use the preempt-priority command to specify the maximum setup or hold priority that RSVP QoS or MPLS/ TE sessions can signal. A PATHERROR, RESVERROR, or local application error is returned if these limits are exceeded.

If an incoming message has a preemption priority that requests a priority higher than the policy allows, the message is rejected. Use the tunnel mpls traffic-eng priority command to configure preemption priority for TE tunnels.

A single policy can contain a preempt-priority traffic-eng and a preempt-priority command, which may be useful if the policy is bound to an access control list (ACL) that identifies a subnet containing a mix of TE and non-TE endpoints or midpoints.

When selecting reservations for preemption, RSVP preempts lower-priority reservations before those with higher priority. If there are multiple nonTE reservations with the same preemption priority, RSVP selects the oldest reservations first.

Examples

The following example has a setup priority of 0 and a hold priority of 5:

Router(config-rsvp-local-policy)# preempt-priority 0 5

Related Commands

priority

To give priority to a class of traffic belonging to a policy map, use the priority command in policy-map class configuration mode. To remove a previously specified priority for a class, use the no form of this command.

priority {bandwidth-kbps | percent percentage} [burst]

no priority {bandwidth-kbps | percent percentage} [burst]

Syntax Description