QoS-Policing

Hi, everybody

I’m studying QoS, specifically policing, and I have one question: why are packets dropped (violated) if the interface rate has not exceeded 128 000 bps? I don’t understand that.

I built a lab on EVE-NG. The topology is very simple: routers R1 and R2 are directly connected (Ethernet 0/0, subnet 10.1.12.0/24). Policing (single rate, three color) is configured on R2:

interface Ethernet0/0
ip address 10.1.12.2 255.255.255.0
load-interval 30
service-policy input PM-SINGLE-RATE-THREE-COLOR
end

!

class-map match-all CM-ICMP
match protocol icmp
policy-map PM-SINGLE-RATE-THREE-COLOR
class CM-ICMP
police cir 128000
conform-action transmit
exceed-action set-dscp-transmit default
violate-action drop

and R1 config:
interface Ethernet0/0
ip address 10.1.12.1 255.255.255.0
end

I started ping from R1 to R2:
R1#ping 10.1.12.2 repeat 9999999
Type escape sequence to abort.
Sending 9999999, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!.!!!.!!!.!!!.!!!.!!! and etc.
Success rate is 99 percent (1038/1052), round-trip min/avg/max = 1/1/23 ms
R1#
P.S. I interrupted the ping when it was at 1052.

R2#show policy-map interface ethernet 0/0
Ethernet0/0

Service-policy input: PM-SINGLE-RATE-THREE-COLOR

Class-map: CM-ICMP (match-all)  
  1052 packets, 119928 bytes
  30 second offered rate 20000 bps, drop rate 0000 bps
  Match: protocol icmp
  police:
      cir 128000 bps, bc 4000 bytes, be 4000 bytes
    conformed 548 packets, 62472 bytes; actions:
      transmit 
    exceeded 490 packets, 55860 bytes; actions:
      set-dscp-transmit default
    violated 14 packets, 1596 bytes; actions:
      drop 
    conformed 10000 bps, exceeded 9000 bps, violated 0000 bps

Class-map: class-default (match-any)  
  0 packets, 0 bytes
  30 second offered rate 0000 bps, drop rate 0000 bps
  Match: any 

R2#
R2#
R2#

Why are packets dropped (violated) if the interface rate has not exceeded 128 000 bps? I don’t understand that.

Hey RNS,

Your interface rate is for the last 30 seconds, and is the average over that time (This is important because it smooths out spikes). That suggests that you waited between running the commands so it is not supplying you with raw data. It may be best for your test to include 3 devices with traffic flowing across router 2 so you can check it live while the data is flowing.

Network_Eric,

I did as you said: I added 2 routers, R3 and R4, and pinged from R1, R3 and R4 to R2 for 5 minutes, but there are still dropped packets. I also returned the interface rate from 30 seconds to 5 minutes.

R2#show policy-map interface ethernet 0/0
Ethernet0/0

Service-policy input: PM-SINGLE-RATE-THREE-COLOR

Class-map: CM-ICMP (match-all)  
  24123 packets, 2750022 bytes
  5 minute offered rate 37000 bps, drop rate 1000 bps
  Match: protocol icmp
  police:
      cir 128000 bps, bc 4000 bytes, be 4000 bytes
    conformed 12827 packets, 1462278 bytes; actions:
      transmit 
    exceeded 10746 packets, 1225044 bytes; actions:
      set-dscp-transmit default
    violated 550 packets, 62700 bytes; actions:
      drop 
    conformed 21000 bps, exceeded 16000 bps, violated 1000 bps

Class-map: class-default (match-any)  
  0 packets, 0 bytes
  5 minute offered rate 0000 bps, drop rate 0000 bps
  Match: any 

R2#
R2#

Hey there,

Correct, that is all expected. Keep in mind the offered rate was the average number of bits per second. So total bits divided by 30, same with the drop rate. Your bottom conformed, exceeded, and violated are also averages across the same time frame.

This means that in one second you could spike up and drop, let’s say, 600000 bits of traffic, and then for the entire rest of the 30 seconds everything else conforms, but that would be divided and provided as your average. It’s informational to help you make decisions about how appropriate your policing policy is, not meant for long-term tracking.

Network_Eric,

Excuse me,

  1. Can you explain in more detail? I do not quite understand.
    And I see that conformed 21000 bps, exceeded 16000 bps, violated 1000 bps = interface rate 37 000 bps. 2) Why?
  2. Then why do we need CIR 128 000 bps?

Hey RNS,

The CIR is the rate you configured to allow traffic. Now, let’s say over 10 seconds, 5 of those seconds have 300,000 bps, and for the remaining 5 seconds there is no traffic at all. Over the total 10 seconds, 1,500,000 bits have been sent. But it will average this out over the entire duration, so it will say the offered rate over 10 seconds was 150,000 bps. These numbers are just averages over time and not reflective of what the actual amount of data was at any given second of the time period. The conformed, exceeded and drop rates are just the averages within this total.
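
The averaging point made in the replies above, as an added simulation that is not part of any post in this thread. It assumes the usual two-bucket model of a single-rate three-color policer (tokens refill at CIR into the conform bucket, overflow spills into the exceed bucket). The arrival patterns are constructed, and it is not meant to reproduce the lab counters.

```python
from collections import Counter

class SingleRateThreeColorPolicer:
    """Two-bucket policer: conform bucket (bc) and exceed bucket (be), sizes in bytes."""

    def __init__(self, cir_bps, bc, be):
        self.cir_bps, self.bc, self.be = cir_bps, bc, be
        self.tc, self.te = float(bc), float(be)   # assumption: both buckets start full
        self.last_ms = 0

    def police(self, now_ms, size):
        # Refill at CIR (bits/s -> bytes/ms); overflow of the conform bucket
        # spills into the exceed bucket, which is capped at be.
        self.tc += self.cir_bps * (now_ms - self.last_ms) / 8000
        self.last_ms = now_ms
        if self.tc > self.bc:
            self.te = min(self.be, self.te + self.tc - self.bc)
            self.tc = self.bc
        if self.tc >= size:
            self.tc -= size
            return "conformed"
        if self.te >= size:
            self.te -= size
            return "exceeded"
        return "violated"

def run(arrivals_ms, size=114, cir_bps=128000, bc=4000, be=4000):
    """Police every arrival and count the resulting colors."""
    policer = SingleRateThreeColorPolicer(cir_bps, bc, be)
    return Counter(policer.police(t, size) for t in arrivals_ms)

def average_bps(arrivals_ms, size, window_ms):
    """Average offered rate over the window, the kind of figure the counters report."""
    return len(arrivals_ms) * size * 8 * 1000 // window_ms

# Constructed traffic: 10 s, 100 packets per second, 114 bytes each
# (119928 bytes / 1052 packets in the first output above).
STEADY = list(range(0, 10_000, 10))                             # one packet every 10 ms
BURSTY = [s * 1000 + i for s in range(10) for i in range(100)]  # 100 packets in 100 ms, then idle

if __name__ == "__main__":
    for name, arrivals in (("steady", STEADY), ("bursty", BURSTY)):
        print(name, average_bps(arrivals, 114, 10_000), "bps", dict(run(arrivals)))
```

Both patterns average 91200 bps, below the 128000 bps CIR, yet only the bursty one produces exceeded and violated packets, because each burst empties bc and then be faster than CIR refills them.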

Hello Network_Eric,

Thank you for the clarification.