in
IEOC CCIE Forums

IEOC - INE's Online Community

Welcome to INE's Online Community - IEOC - a place for CCIE and CCENT candidates to connect, share, and learn. Our Online Community features CCIE forums and discussions for all tracks including Routing & Switching, Voice, Security, Service Provider, Wireless,, and Storage. Through these online communities you can discuss your questions with thousands of your peers, hundreds of CCIE's and INE's own team of world renowned CCIE instructors and authors, Brian Dennis - Quintuple CCIE #2210, Brian McGahan – Triple CCIE #8593, Petr Lapukhov - Quad CCIE #16379, and Mark Snow - Dual CCIE #14073.
Latest post 05-12-2014 9:15 AM by ukwill. 3 replies.
Page 1 of 1 (4 items)
Sort Posts: Previous Next
  • 05-12-2014 2:15 AM

    MQC nesting - question

    Could someone help cement the action of nesting in an MQC policy map for me please.

    In the scenario below, would the "subrate_policer" policy be applied to http traffic from R1, or would the "police_vlan146" policy be applied?

    class-map FROM_R1
    match access-group name FROM_R1

    policy-map SUBRATE_POLICER
    class FROM_R1
      police 64000 3200 4800
       conform-action set-prec-transmit 1
       exceed-action set-prec-transmit 0
       violate-action set-prec-transmit 0


    policy-map POLICE_VLAN146
    class HTTP
       police 128000 3200 4800
        conform-action transmit
        exceed-action set-prec-transmit 0
        violate-action drop
       service-policy SUBRATE_POLICER

    interface FastEthernet 0/1
      service-policy input POLICE_VLAN146

    Reason I ask is I need to confirm what happens in the event where traffic matches more than one policy.

    cheers

    • Post Points: 20
  • 05-12-2014 2:46 AM In reply to

    Re: MQC nesting - question

     

    I just tested it:

     Class-map: HTTP (match-all)
          1728 packets, 1017755 bytes
          5 minute offered rate 32000 bps, drop rate 0 bps
          Match: access-group name HTTP
          police:
              cir 128000 bps, bc 3200 bytes, be 4800 bytes
            conformed 1728 packets, 1017755 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              set-prec-transmit 0
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 96000 bps, exceed 0 bps, violate 0 bps

          Service-policy : SUBRATE_POLICER

            Class-map: FROM_R1 (match-all)
              1728 packets, 1017755 bytes
              5 minute offered rate 32000 bps, drop rate 0 bps
              Match: access-group name FROM_R1
              police:
                  cir 64000 bps, bc 3200 bytes, be 4800 bytes
                conformed 1099 packets, 646645 bytes; actions:
                  set-prec-transmit 1
                exceeded 8 packets, 4720 bytes; actions:
                  set-prec-transmit 0
                violated 621 packets, 366390 bytes; actions:
                  set-prec-transmit 0
                conformed 62000 bps, exceed 0 bps, violate 35000 bps

     

    This appears to suggest that the logic is top-down (as it is when we dont have any nesting).  So, class HTTP is applied first, followed by class FROM_R1.    (If I have this wrong feel free to chime in!)

     

    • Post Points: 5
  • 05-12-2014 8:00 AM In reply to

    • peety
    • Top 25 Contributor
    • Joined on 02-22-2011
    • Redmond, WA, USA
    • Elite
    • Points 19,700

    Re: MQC nesting - question

    Traffic arriving on F0/1 is sent through POLICE_VLAN146.  Any traffic matching class HTTP is policed as dictated, and is then passed through SUBRATE_POLICER.  If the traffic of class HTTP also matches class FROM_R1, it is policed further as dictated.

    Reading between the lines, it looks like you may possibly want two classes in one policy-map: treat HTTP like this, treat FROM_R1 like that, then handle class-default (if needed).

    CCIE R&S #34583

    Now based in Redmond, WA

    • Post Points: 20
  • 05-12-2014 9:15 AM In reply to

    Re: MQC nesting - question

    yep cool - thanks!

    • Post Points: 5
Page 1 of 1 (4 items)
IEOC CCIE Forums Internetwork Expert CCIE Training
About IEOC | Terms of Use | RSS | Privacy Policy
© 2010 Internetwork Expert, Inc. All Rights Reserved