Configuring Layer 2 Policing on IQE PICs
The IQE PIC can police traffic at Layer 2 in a hierarchical manner. Policing is the practice of making sure that different streams of incoming traffic conform to certain parameters and limits. If the incoming traffic exceeds the established boundaries, that traffic can be marked or even ignored, depending on configuration. Hierarchical policing maintains two rates: an aggregate rate and a high-priority rate. The traffic is marked differently depending on service class (currently, the classes are expedited forwarding and nonexpedited forwarding). Expedited traffic has an additional configured rate, the guaranteed rate (CIR), and is marked only above that limit. If there is no expedited traffic present, then the nonexpedited traffic is able to use the aggregate bandwidth rate before being marked with a packet loss priority. When expedited traffic is present, it is marked above the guaranteed rate, but also uses bandwidth from the nonexpedited range.
For example, consider an aggregate rate of 10 Mbps and a high-priority rate of 2 Mbps on a Fast Ethernet interface. The guaranteed rate is also set at 2 Mbps for expedited forwarding traffic. If there is no expedited traffic present, then nonexpedited traffic can use up to 10 Mbps before being marked. When expedited forwarding traffic is present, the expedited traffic is guaranteed 2 Mbps (of the 10 Mbps) without being marked, but is marked above the 2 Mbps limit. In this case, the nonexpedited forwarding traffic can use the remaining 8 Mbps before being marked.
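The 10 Mbps / 2 Mbps example above, modelled as two token buckets in Python. This is an added illustration, not Juniper code or the IQE PIC's actual algorithm. The class and function names, the 80,000-bit burst size, the 1000-byte packets, and the rule that marked expedited packets consume no aggregate tokens are all assumptions.

```python
# Added example: simplified two-bucket model of hierarchical policing (not Junos code).
US = 1_000_000  # microseconds per second; tokens are held in micro-bits (bits * US)

class HierarchicalPolicer:
    def __init__(self, aggregate_bps, premium_bps, burst_bits=80_000):
        self.aggregate_bps, self.premium_bps = aggregate_bps, premium_bps
        self.cap = burst_bits * US          # assumed bucket depth, same for both rates
        self.agg = self.prem = self.cap     # both buckets start full
        self.last_us = 0

    def police(self, now_us, size_bits, expedited):
        """Return True if the packet is in profile, False if it would be marked."""
        dt, self.last_us = now_us - self.last_us, now_us
        need = size_bits * US
        self.agg = min(self.cap, self.agg + self.aggregate_bps * dt)
        self.prem = min(self.cap, self.prem + self.premium_bps * dt)
        if expedited:
            if self.prem < need:
                return False                # above the guaranteed (premium) rate
            self.prem -= need
            self.agg -= need                # in-profile EF also draws on the aggregate,
            return True                     # even into debt, so its guarantee holds
        if self.agg < need:
            return False                    # aggregate share exhausted
        self.agg -= need
        return True

def simulate(ef_bps, non_ef_bps, seconds=10, pkt_bits=8_000):
    """Offer constant-rate streams (constructed input); return in-profile Mbps per class."""
    pol = HierarchicalPolicer(aggregate_bps=10_000_000, premium_bps=2_000_000)
    events = []
    for expedited, rate in ((True, ef_bps), (False, non_ef_bps)):
        if rate:
            step = pkt_bits * US // rate    # packet spacing in microseconds
            events += [(t, expedited) for t in range(step, seconds * US + 1, step)]
    events.sort(key=lambda e: (e[0], not e[1]))   # EF first on simultaneous arrivals
    in_profile = {True: 0, False: 0}
    for t, expedited in events:
        if pol.police(t, pkt_bits, expedited):
            in_profile[expedited] += pkt_bits
    return {"ef": in_profile[True] / seconds / 1e6,
            "non_ef": in_profile[False] / seconds / 1e6}

if __name__ == "__main__":
    for ef, non_ef in ((0, 16_000_000), (4_000_000, 16_000_000)):
        print(f"offered EF={ef} non-EF={non_ef} -> in profile (Mbps): {simulate(ef, non_ef)}")
```

The in-profile rates land slightly above the configured values because the initial burst allowance is averaged over the 10-second run.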
This section discusses the following IQE PIC Layer 2 policing topics:
Layer 2 Policer Limitations
Layer 2 policers configured on IQE PICs have the following limitations:
- Only one kind of policer is supported on a physical or logical interface. For example, combining a hierarchical policer with a two-color or three-color policer in the same direction on the same logical interface is not supported.
- Applying policers to both physical port and logical interface (policer chaining) is not supported.
- If there is no behavior aggregate classification, there is a limit of 64 policers per interface. (Usually, there will be a single policer per DLCI in Frame Relay and other logical interface types.)
- The policer should be independent of behavior aggregate classification. (Without a behavior aggregate, all traffic is treated as either expedited or nonexpedited forwarding, depending on configuration.)
- With a behavior aggregate, traffic not matching any classification bits (such as DSCP or EXP) is policed as nonexpedited forwarding traffic.
- Only two levels of traffic policing are supported: aggregate and premium.
Configuring Layer 2 Policers on IQE PICs
To configure Layer 2 policing on the IQE PIC, for each forwarding class include the class statement with the policing-priority option at the [edit class-of-service forwarding-classes] hierarchy level. One forwarding class has the premium option and the others are configured as normal.
You must also configure the aggregate and premium statements in the firewall filter performing the policing.
You must also apply the policer to the logical or physical interface on the IQE PIC:
For SONET/SDH physical interfaces, the hierarchical policer configuration statements will only be visible for IQE PICs.