The lab requirement here is to meter incoming HTTP traffic. When the traffic rate is less than 256kbps packets should be marked with precedence 4, and when the traffic exceeds 256kbps the traffic should be marked with precedence 0. The normal burst duration is 100 ms amd and an excess burst of 100ms should be allowed. Traffic exceeding these parameters should be dropped.
With the policing config the traffic rate is configured as bps wherease the burst size is configured in bytes. For a burst duration of 100ms then the burst size is calculated as follows: 256000 / 10 / 8 = 3200
I apply the configuration on R1 as follows
R1
class-map HTTP
match protocol http
policy-map POLICE
class HTTP
police 256000 bc 3200 be 3200 conform-action set-prec-transmit 4 exceed-action set-prec-transmit 0 violate-action drop
int fa0/0
service-policy input POLICE
Verification
Router_1#show policy-map int fa0/0
FastEthernet0/0
Service-policy input: POLICE
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http
police:
cir 256000 bps, bc 3200 bytes, be 3200 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 4
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 0
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
A further addendum to this post is the ability to police individual traffic flows inside an pre-existing policer!
For example, R1 is on a LAN segment connected to R6 and R4. A further requirement might be that traffic flows from these routers should only be able to consume half of the available bandwidth i.e. 128kbps each. This can be achieved by nesting policers as follows.
ip access-list extended R4
permit ip host 155.1.146.4 any
ip access-list extended R6
permit ip host 155.1.146.6 any
class-map R4
match access-group name R4
class-map R6
match access-group name R6
policy-map POLICE2
class R4
POLICE 128000 1600 1600 conform-action set-prec-transmit 4 exceed-action set-prec-transmit 0 violate-action drop
class R6
POLICE 128000 1600 1600 conform-action set-prec-transmit 4 exceed-action set-prec-transmit 0 violate-action drop
policy-map POLICE
class HTTP
police 256000 bc 3200 be 3200 conform-action transmit exceed-action set-prec-transmit 0 violate-action drop
service-policy POLICE2
Verification
Router_1#s policy-map int fa0/0
FastEthernet0/0
Service-policy input: POLICE
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http
police:
cir 256000 bps, bc 3200 bytes, be 3200 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 4
transmit
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 0
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Service-policy : POLICE2
Class-map: R4 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name R4
police:
cir 128000 bps, bc 1600 bytes, be 1600 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 4
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 0
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: R6 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name R6
police:
cir 128000 bps, bc 1600 bytes, be 1600 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 4
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 0
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
No comments:
Post a Comment