Policer Overhead to Account for Rate Shaping in the Traffic Manager
Policer Overhead to Account for Rate Shaping Overview
If you configure ingress or egress traffic-shaping overhead values for an interface, the traffic manager cannot apply these values to any rate-limiting also applied to the interface. To enable the router to account for the additional Ethernet frame length when policing actions are being determined, you must configure the ingress or egress overhead values for policers separately.
When a policer overhead value is changed, the PIC or DPC goes offline and then comes back online.
For Gigabit Ethernet Intelligent Queuing 2 (IQ2) and Enhanced IQ2 (IQ2E) PICs or interfaces on Dense Port Concentrators (DPCs) in MX Series routers, you can control the rate of traffic that passes through all interfaces on the PIC or DPC by configuring a policer overhead. You can configure a policer ingress overhead and a policer egress overhead, each with values from 0 through 255 bytes. The policer overhead values are added to the length of the final Ethernet frame when determining ingress and egress policer actions.
See Also
Example: Configuring Policer Overhead to Account for Rate Shaping
This example shows how to configure overhead values for policers when rate-shaping overhead is configured.
Requirements
Before you begin, make sure that interface for which you are applying ingress or egress policer overhead is hosted on one of the following:
Gigabit Ethernet IQ2 PIC
IQ2E PIC
DPCs in MX Series routers
Overview
This example shows how to configure policer overhead values for all physical interfaces on a supported PIC or MPC so that the rate shaping value configured on a logical interface is accounted for in any policing on that logical interface.
Topology
The router hosts a Gigabit Ethernet IQ2 PIC, installed in PIC location 3 of the Flexible PIC Concentrator (FPC) in slot number 1. The physical interface on port 1 on that PIC is configured to receive traffic on logical interface 0 and send it back out on logical interface 1. Class-of-service scheduling includes 100 Mbps of traffic rate-shaping overhead for the output traffic. A policer egress overhead of 100 bytes is configured on the entire PIC so that, for any policers applied to the output traffic, 100 bytes are added to the final Ethernet frame length when determining ingress and egress policer actions.
Traffic rate-shaping and corresponding policer overhead are configured separately:
You configure rate shaping at the
[edit class-of-service interfaces interface-name unit unit-number]hierarchy level.You configure policer overhead at the
[edit chassis fpc slot-number pic pic-number]hierarchy level.
When a policer overhead value is changed, the PIC or DPC goes offline and then comes back online.
Configuration
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.
To configure this example, perform the following tasks:
- CLI Quick Configuration
- Configuring the Logical Interfaces
- Configuring Traffic Rate-Shaping on the Logical Interface That Carries Output Traffic
- Configuring Policer Overhead on the PIC or DPC That Hosts the Rate-Shaped Logical Interface
- Applying a Policer to the Logical Interface That Carries Input Traffic
CLI Quick Configuration
To quickly configure this example, copy the following
configuration commands into a text file, remove any line breaks, and
then paste the commands into the CLI at the [edit] hierarchy
level.
set interfaces ge-1/3/1 per-unit-scheduler set interfaces ge-1/3/1 vlan-tagging set interfaces ge-1/3/1 unit 0 vlan-id 100 set interfaces ge-1/3/1 unit 0 family inet address 10.10.10.1/30 set interfaces ge-1/3/1 unit 1 vlan-id 101 set interfaces ge-1/3/1 unit 1 family inet address 20.20.20.1/30 arp 20.20.20.2 mac 00:00:11:22:33:44 set class-of-service schedulers be transmit-rate percent 5 set class-of-service schedulers ef transmit-rate percent 30 set class-of-service schedulers af transmit-rate percent 30 set class-of-service schedulers nc transmit-rate percent 35 set class-of-service scheduler-maps my-map forwarding-class best-effort scheduler be set class-of-service scheduler-maps my-map forwarding-class expedited-forwarding scheduler ef set class-of-service scheduler-maps my-map forwarding-class network-control scheduler nc set class-of-service scheduler-maps my-map forwarding-class assured-forwarding scheduler af set class-of-service interfaces ge-1/3/1 unit 1 scheduler-map my-map set class-of-service interfaces ge-1/3/1 unit 1 shaping-rate 100m set firewall policer 500Kbps logical-interface-policer set firewall policer 500Kbps if-exceeding bandwidth-limit 500k set firewall policer 500Kbps if-exceeding burst-size-limit 625k set firewall policer 500Kbps then discard set chassis fpc 1 pic 3 ingress-policer-overhead 100 set chassis fpc 1 pic 3 egress-policer-overhead 100 set interfaces ge-1/3/1 unit 0 family inet policer input 500Kbps
Configuring the Logical Interfaces
Step-by-Step Procedure
To configure the logical interfaces:
Enable configuration of the interface
[edit] user@host# edit interfaces ge-1/3/1
Enable multiple queues for each logical interface (so that you can associate an output scheduler with each logical interface).
[edit interfaces ge-1/3/1] user@host# set per-unit scheduler user@host# set vlan-tagging
Note:For Gigabit Ethernet IQ2 PICs only, use the
shared-schedulerstatement to enable shared schedulers and shapers on a physical interface.Configure logical interface
ge-1/3/1.0.[edit interfaces ge-1/3/1] user@host# set unit 0 vlan-id 100 user@host# set unit 0 family inet address 10.10.10.1/30
Configure logical interface
ge-1/3/1.1.[edit interfaces ge-1/3/1] user@host# set unit 1 vlan-id 101 user@host# set unit 1 family inet address 20.20.20.1/30 arp 20.20.20.2 mac 00:00:11:22:33:44
Results
Confirm the configuration of the interfaces by entering
the show interfaces configuration mode command. If
the command output does not display the intended configuration, repeat
the instructions in this procedure to correct the configuration.
[edit]
user@host# show interfaces
ge-1/3/1 {
per-unit-scheduler;
vlan-tagging;
unit 0 {
vlan-id 100;
family inet {
address 10.10.10.1/30;
}
}
unit 1 {
vlan-id 101;
family inet {
address 20.20.20.1/30 {
arp 20.20.20.2 mac 00:00:11:22:33:44;
}
}
}
}
Configuring Traffic Rate-Shaping on the Logical Interface That Carries Output Traffic
Step-by-Step Procedure
To configure traffic rate-shaping on the logical interface that carries output traffic:
Enable configuration of class-of-service features.
[edit] user@host# edit class-of-service
Configure packet scheduling on logical interface
ge-1/3/1.0.Configure schedulers that specify the percentage of transmission capacity.
[edit class-of-service] user@host# edit schedulers [edit class-of-service schedulers] user@host# set be transmit-rate percent 5 user@host# set ef transmit-rate percent 30 user@host# set af transmit-rate percent 30 user@host# set nc transmit-rate percent 35
A percentage of zero drops all packets in the queue. When the
rate-limitoption is specified, the transmission rate is limited to the rate-controlled amount. In contrast with theexactoption, a scheduler with therate-limitoption shares unused bandwidth above the rate-controlled amount.Configure a scheduler map to associate each scheduler with a forwarding class.
[edit class-of-service] user@host# edit scheduler-maps my-map [edit class-of-service scheduler-maps my-map] user@host# set forwarding-class best-effort scheduler be user@host# set forwarding-class expedited-forwarding scheduler ef user@host# set forwarding-class network-control scheduler nc user@host# set forwarding-class assured-forwarding scheduler af
Associate the scheduler map with logical interface
ge-1/3/1.0.[edit class-of-service] user@host# edit interfaces ge-1/3/1 unit 1 [edit class-of-service interfaces ge-1/3/1 unit 1] user@host# set scheduler-map my-map
Configure 100 Mbps of traffic rate-shaping overhead on logical interface
ge-1/3/1.1.[edit class-of-service interfaces ge-1/3/1 unit 1] user@host# set shaping-rate 100
Alternatively, you can configure a shaping rate for a logical interface and oversubscribe the physical interface by including the
shaping-ratestatement at the[edit class-of-service traffic-control-profiles]hierarchy level. With this configuration approach, you can independently control the delay-buffer rate.
Results
Confirm the configuration of the class-of-service features
(including the 100 Mbp of shaping of the egress traffic) by entering
the show class-of-service configuration mode command. If
the command output does not display the intended configuration, repeat
the instructions in this procedure to correct the configuration.
[edit]
user@host# show class-of-service
interfaces {
ge-1/3/1 {
unit 1 {
scheduler-map my-map;
shaping-rate 100m;
}
}
}
scheduler-maps {
my-map {
forwarding-class best-effort scheduler be;
forwarding-class expedited-forwarding scheduler ef;
forwarding-class network-control scheduler nc;
forwarding-class assured-forwarding scheduler af;
}
}
schedulers {
be {
transmit-rate percent 5;
}
ef {
transmit-rate percent 30;
}
af {
transmit-rate percent 30;
}
nc {
transmit-rate percent 35;
}
}
Configuring Policer Overhead on the PIC or DPC That Hosts the Rate-Shaped Logical Interface
Step-by-Step Procedure
To configure policer overhead on the PIC or MPC that hosts the rate-shaped logical interface:
Enable configuration of the supported PIC or MPC.
[edit] user@host# set chassis fpc 1 pic 3
Configure 100 bytes of policer overhead on the supported PIC or MPC.
[edit chassis fpc 1 pic 3] user@host# set ingress-policer-overhead 100 user@host# set egress-policer-overhead 100
Note:These values are added to the length of the final Ethernet frame when determining ingress and egress policer actions for all physical interfaces on the PIC or MPC.
You can specify policer overhead with values from 0 through 255 bytes.
Results
Confirm the configuration of the policer overhead on
the physical interface to account for rate-shaping by entering the show chassis configuration mode command. If the command
output does not display the intended configuration, repeat the instructions
in this procedure to correct the configuration.
[edit]
user@host# show chassis
chassis {
fpc 1 {
pic 3 {
egress-policer-overhead 100;
ingress-policer-overhead 100;
}
}
}
Applying a Policer to the Logical Interface That Carries Input Traffic
Step-by-Step Procedure
To apply a policer to the logical interface that carries input traffic:
Configure the logical interface (aggregate) policer.
[edit] user@host# edit firewall policer 500Kbps [edit firewall policer 500Kbps] user@host# set logical-interface-policer user@host# set if-exceeding bandwidth-limit 500k user@host# set if-exceeding burst-size-limit 625k user@host# set then discard
Apply the policer to Layer 3 input on the IPv4 logical interface.
[edit] user@host# set interfaces ge-1/3/1 unit 0 family inet policer input 500Kbps
Note:The 100 Mbps policer overhead is added to the length of the final Ethernet frame when determining ingress and egress policer actions,
Results
Confirm the configuration of the policer with rate-shaping
overhead by entering the show firewall and show interfaces configuration mode commands. If the command output does not display
the intended configuration, repeat the instructions in this procedure
to correct the configuration.
[edit]
user@host# show firewall
policer 500Kbps {
logical-interface-policer;
if-exceeding {
bandwidth-limit 500k;
burst-size-limit 625k;
}
then discard;
}
[edit]
user@host# show interfaces
ge-1/3/1 {
per-unit-scheduler;
vlan-tagging;
unit 0 {
vlan-id 100;
layer2-policer {
input-policer 500Kbps;
}
family inet {
address 10.10.10.1/30;
}
}
unit 0 {
vlan-id 101;
family inet {
address 20.20.20.1/30 {
arp 20.20.20.2 mac 00:00:11:22:33:44;
}
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Displaying Traffic Statistics and Policers for the Logical Interface
- Displaying Statistics for the Policer
Displaying Traffic Statistics and Policers for the Logical Interface
Purpose
Verify the traffic flow through the logical interface and that the policer is evaluated when packets are received on the logical interface.
Action
Use the show interfaces operational mode command
for logical interface ge-1/3/1.0, and include the detail or extensive option. The command output section
for Traffic statistics lists the number
of bytes and packets received and transmitted on the logical interface,
and the Protocol inet section contains
a Policer field that would list the policer 500Kbps as an input or output policer as follows:
Input: 500Kbps-ge-1/3/1.0-log_int-i
Output: 500Kbps-ge-1/3/1.0-log_int-o
The log_int-i suffix denotes a logical interface policer applied to input traffic, while the log_int-o suffix denotes a logical interface policer applied to output traffic. In this example, the logical interface policer is applied to Input traffic only.
Displaying Statistics for the Policer
Purpose
Verify the number of packets evaluated by the policer.
Action
Use the show policer operational mode command
and optionally specify the name of the policer. The command output
displays the number of packets evaluated by each configured policer
(or the specified policer), in each direction. For the policer 500Kbps, the input and output policer names are displayed as
follows:
500Kbps-ge-1/3/1.0-log_int-i
500Kbps-ge-1/3/1.0-log_int-o
The log_int-i suffix denotes a logical interface policer applied to input traffic, while the log_int-o suffix denotes a logical interface policer applied to output traffic. In this example, the logical interface policer is applied to input traffic only.