MQC nesting - question

Could someone help cement the action of nesting in an MQC policy map for me please.

In the scenario below, would the "subrate_policer" policy be applied to http traffic from R1, or would the "police_vlan146" policy be applied?

class-map FROM_R1
match access-group name FROM_R1

policy-map SUBRATE_POLICER
class FROM_R1
  police 64000 3200 4800
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action set-prec-transmit 0


policy-map POLICE_VLAN146
class HTTP
   police 128000 3200 4800
    conform-action transmit
    exceed-action set-prec-transmit 0
    violate-action drop
   service-policy SUBRATE_POLICER

interface FastEthernet 0/1
  service-policy input POLICE_VLAN146

Reason I ask is I need to confirm what happens in the event where traffic matches more than one policy.

cheers

Comments

  •  

    I just tested it:

     Class-map: HTTP (match-all)
          1728 packets, 1017755 bytes
          5 minute offered rate 32000 bps, drop rate 0 bps
          Match: access-group name HTTP
          police:
              cir 128000 bps, bc 3200 bytes, be 4800 bytes
            conformed 1728 packets, 1017755 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              set-prec-transmit 0
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 96000 bps, exceed 0 bps, violate 0 bps

          Service-policy : SUBRATE_POLICER

            Class-map: FROM_R1 (match-all)
              1728 packets, 1017755 bytes
              5 minute offered rate 32000 bps, drop rate 0 bps
              Match: access-group name FROM_R1
              police:
                  cir 64000 bps, bc 3200 bytes, be 4800 bytes
                conformed 1099 packets, 646645 bytes; actions:
                  set-prec-transmit 1
                exceeded 8 packets, 4720 bytes; actions:
                  set-prec-transmit 0
                violated 621 packets, 366390 bytes; actions:
                  set-prec-transmit 0
                conformed 62000 bps, exceed 0 bps, violate 35000 bps

     

    This appears to suggest that the logic is top-down (as it is when we dont have any nesting).  So, class HTTP is applied first, followed by class FROM_R1.    (If I have this wrong feel free to chime in!)

     

  • peetypeety ✭✭

    Traffic arriving on F0/1 is sent through POLICE_VLAN146.  Any traffic matching class HTTP is policed as dictated, and is then passed through SUBRATE_POLICER.  If the traffic of class HTTP also matches class FROM_R1, it is policed further as dictated.

    Reading between the lines, it looks like you may possibly want two classes in one policy-map: treat HTTP like this, treat FROM_R1 like that, then handle class-default (if needed).

  • yep cool - thanks!

Sign In or Register to comment.