CBWFQ policing

I am having a lot of trouble understanding policing and the Bc and Be concept, and I am not sure when to specify the Be rate or whether this should be left to IOS to determine. When do you need to specify the Be for the police statement, and when don't you need to? I read the explanation from the 5.0 lab 10 times and it's not getting through. Any help would be greatly appreciated.


  • It depends on the type of policing you have configured.

    In the police command, if you specify a violate action /single rate three color policing/, then the default for Be is Be=Bc

    If you don't specify a violate action then it is a single rate 2 color policing and there is no Be, the default for it is 0

    If you configure PIR then it is a dual rate 3 color policing and the default for the Be is PIR/32


    See the chapter on configuring CB policing in the exam certification guide, 3rd edition.

    I tried to sum it up here, it is explained very well there.







                   Hi Pharoh


                   If you do police rate, the Bc and Be will be calculated automatically for you, and if you do police cir you must specify the Be and Bc. Remember that the Bc and Be are in bytes/sec. Bc = (CIR * 1.5)/8 and Be = 2 * Bc





  • Hi Jeriel


    Where did you source that information?

    From what I read in the certification guide, p. 496


    Bc = (CIR * 0.25 second) / (8 bits/byte) = CIR / 32


    From the formula you provided it looks like Bc=CIR/5.33? And I did not see a formula for any type of policing which would make Be equal to 2*Bc... am I missing something?


  • nik,

    The formula that Jeriel suggested is the Cisco-recommended one for policing traffic with CAR. See the command reference for "rate-limit": http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_q1.html#wp1015612

    "CAR embodies a rate-limiting feature for policing traffic. When policing traffic with CAR, Cisco recommends the following values for the normal and extended burst parameters:

    normal burst (in bytes) = configured rate (in bits per second) * (1 byte)/(8 bits) * 1.5 seconds

    17.000.000 * (1 byte)/(8 bits) * 1.5 seconds = 3.187.500 bytes

    extended burst = 2 * normal burst

    2 * 3.187.500 = 6.375.000 bytes"




  • Great.

    Can you explain to me the difference between those 2 examples:

    Example 1:

    In this example, a customer is connected to an Internet service
    provider (ISP) by a T3 link. The ISP wants to rate limit transmissions
    from the customer to 15 Mbps of the 45 Mbps. In addition, the customer
    is allowed to send bursts of 2,812,500 bytes. All packets exceeding
    this limit are dropped. The following commands are configured on the
    High-Speed Serial Interface (HSSI) of the ISP connected to the

    interface Hssi0/0/0
     description 45Mbps to R1
     rate-limit input 15000000 2812500 2812500 conform-action transmit exceed-action drop
     ip address
     rate-limit output 15000000 2812500 2812500 conform-action transmit exceed-action drop

    Example 2:
    The following example uses rate limiting to control traffic in an
    Internet Exchange Point (IXP). Because an IXP comprises many neighbors
    around an FDDI ring, MAC address rate-limited access lists are used to
    control traffic from a particular ISP. Traffic from one ISP (at MAC
    address 00e0.34b0.7777) is compared to a rate limit of 80 Mbps of the
    100 Mbps available on the FDDI connection. Traffic that conforms to
    this rate is sent. Nonconforming traffic is dropped.

    interface Fddi2/1/0
     rate-limit input access-group rate-limit 100 80000000 15000000 30000000 conform-action transmit exceed-action drop

    Why in example 1 did they use an extended burst of 1x the normal burst, while in example 2 they used an extended burst of 2x the normal burst?
    Why the inconsistencies?
    Aren't both questions asking to limit the traffic to the specific rate (example 1: 15 Mbps and example 2: 80 Mbps)?

    Inconsistencies kill the theory and confuse the hell out of me.

  • Pharoh,

    Both examples above employ CAR rather than CB policing.

    The configured excess burst does not change the overall traffic rate allowed, it just determines how strictly that rate is enforced.

    The rate-limit command goes as follows:

    rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action


    In the second case, with max-burst (max-burst=Bc+Be) set to twice the Bc, an excess burst of 15000000 is configured. This means that if traffic occasionally bursts up to twice the committed rate it will not be dropped, as long as the overall rate is not exceeded. Refer to the certification guide to see how token buckets work.

    In the first case, with max-burst equal to Bc, no Be is configured and if at any time the traffic rate bursts above the committed rate the exceeding packets should be dropped. Since the wording mentions an allowed Be, it looks like the config is wrong :-)
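
The point made above, that the excess burst changes how strictly the rate is enforced and not the rate itself, shown as an added example (not part of the original thread and not Cisco's code): a color-blind single-rate, two-bucket policer in the style of RFC 2697, which models the Bc/Be buckets but is not the exact IOS CAR algorithm. The class and function names, the 1500-byte packets and the traffic pattern are constructed for illustration; exceed traffic is assumed to be transmitted only when a Be bucket exists.

```python
class SingleRatePolicer:
    def __init__(self, cir_bps, bc, be=0):
        self.rate = cir_bps / 8.0                 # refill, bytes per second
        self.bc, self.be = bc, be                 # bucket depths, bytes
        self.tc, self.te = float(bc), float(be)   # both buckets start full
        self.last = 0.0

    def police(self, now, size):
        # Refill Tc first; only what overflows a full Tc spills into Te.
        total = self.tc + (now - self.last) * self.rate
        self.last = now
        self.te = min(self.be, self.te + max(0.0, total - self.bc))
        self.tc = min(self.bc, total)
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        # Without a Be bucket there are only two colors: conform and exceed.
        return "violate" if self.be else "exceed"

def admitted_bytes(policer, arrivals, since=0.0):
    """Bytes passed at or after `since`. Assumption: conform is transmitted,
    exceed is transmitted only by a three-color policer, the rest is dropped."""
    passed = 0
    for now, size in arrivals:
        color = policer.police(now, size)
        sent = color == "conform" or (color == "exceed" and policer.be > 0)
        if sent and now >= since:
            passed += size
    return passed

# Constructed traffic using Example 2's numbers: CIR 80 Mbps, Bc 15,000,000 bytes.
CIR, BC, BE, PKT = 80_000_000, 15_000_000, 15_000_000, 1500

def burst_after_idle(be):
    # 26,667 packets (about 40,000,000 bytes) arriving back to back at t=0.
    return admitted_bytes(SingleRatePolicer(CIR, BC, be), [(0.0, PKT)] * 26_667)

def steady_state(be):
    # 10 s at twice the CIR (one packet every 75 us); count only 5 s to 10 s.
    load = ((i * 75e-6, PKT) for i in range(133_334))
    return admitted_bytes(SingleRatePolicer(CIR, BC, be), load, since=5.0)

if __name__ == "__main__":
    for be in (0, BE):
        print(f"Be={be}: burst={burst_after_idle(be)} steady={steady_state(be)}")
```

With Be set to 0 the back-to-back burst admits 15,000,000 bytes and with Be set to 15,000,000 it admits 30,000,000, while the 5-second steady-state count stays at about 50,000,000 bytes (the CIR) in both cases.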


  • If I understand correctly, both examples are wrong.

    In the first example, the Be should be twice the Bc of 5625000, and in the 2nd example the Be should be 15000000. Correct.



  • Hi pharoh


    On the first question the keyword "All packets exceeding this limit are dropped" states that the limit will be 2,812,500 bytes, then Bc = Be. This is a random value set by the ISP.

    The second question is correct; due to the Cisco recommendation for CAR, it must be as follows.


                   Bc = (cir/8) * 1.5 = (80000000 / 8) * 1.5 = 15000000

                   Since the Be = 2 * Bc = 30000000


