300 Chapter 8: QoS Support on the Catalyst 6500
Policing
Policing is another feature available on the Catalyst 6500. Policing enables the adminis-
trator to control bandwidth utilization for certain applications. This guarantees the
necessary bandwidth for voice and video and other mission-critical applications. Policing
is performed in hardware on the PFC without impacting switch performance. Policing
cannot occur on the 6500 platform without a PFC and is currently only supported for
ingress traffic. The PFC version within the platform determines the extent of the policing
functionality. The Catalyst 6500 offers both single-rate and two-rate policing.
The purpose of this section is to explain policing operation, as it pertains to the Catalyst
6500. It includes a discussion of microflow and aggregate policers, single-rate policing on
the PFC1 and PFC2, and two-rate policing on the PFC2. Finally, the section includes
numerous configuration examples and various show commands used to verify operation.
Microflow and Aggregate Policers
Two types of policers are available on the Catalyst 6500: microflow and aggregate policers.
Microflow policers limit the bandwidth consumed by individual flows on a port-by-port or
interface basis. A flow is very specific and can be defined using Layer 3 source and desti-
nation addresses, Layer 4 protocol type, and Layer 4 source and destination port numbers.
The bandwidth limitation is applied to each flow matching the criteria defined in the ACLs
separately. The Catalyst 6500 can support up to 63 microflow policers.
Aggregate policers limit an aggregate of individual flows across multiple ports or inter-
faces, or on a single port or interface, to one specified rate. The shared aggregate policer
polices all traffic to a configured rate for all ports to which the policer is applied. On the
other hand, the interface aggregate policer polices all flows for each individual interface.
Up to 1023 aggregate policers can be defined on the Catalyst 6500.
Consider the following example. Assume there is a microflow policer defined limiting the
bandwidth consumption for certain IPTV streams to 1.5 Mbps. After the policer has been
defined, it is applied to the appropriate interfaces, in this case ports 5/1 and 5/3. In this case,
d1 : d2 0 1 2 3 4 5 6 7 8 9
-------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 00 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
(text omitted)
Example 8-30 Modifying the Policed DSCP Mark-Down Table in Native Mode (Continued)
Policing 301
although one microflow policer has been defined and applied to the two separate ports, all
IPTV traffic matching the configured criteria is limited to 1.5 Mbps per flow. Therefore, if
one flow exists on port 5/1 and two flows exist on port 5/3, each flow is limited to 1.5 Mbps,
for a combined total of 4.5 Mbps. Aggregate policers differ slightly. Consider the same
situation, but now the configured policer is an aggregate policer. In this case, the combined
inbound flows for port 5/1 and port 5/3 are considered and allocated a total of 1.5 Mbps.
Any traffic exceeding this rate is classified as nonconforming and subsequently policed.
Figure 8-8 Microflow Versus Aggregate Policer
Discard
Policer
Discard
Policer
Discard
Policer
Microflow Policing
Discard
Aggregate Policing
Policer

Get Cisco Catalyst QoS: Quality of Service in Campus Networks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.