Cisco Systems 3560 Policing on Physical Ports

34-9

Catalyst 3560 Switch Software Configuration Guide

OL-8553-06

Chapter 34 Configuring QoS

Understanding QoS

Policing on Physical Ports

In policy maps on physical ports, you can create these types of policers:

• Individual—QoS applies the bandwidth limits specified in the policer separately to each matched

traffic class. You configure this type of policer within a policy map by using the police policy-map

class configuration command.

• Aggregate—QoS applies the bandwidth limits specified in an aggregate policer cumulatively to all

matched traffic flows. You configure this type of policer by specifying the aggregate policer name

within a policy map by using the police aggregate policy-map class configuration command. You

specify the bandwidth limits of the policer by using the mls qos aggregate-policer global

configuration command. In this way, the aggregate policer is shared by multiple classes of traffic

within a policy map.

Note In Cisco IOS Release 12.2(25)SE or later, you can only configure individual policers on an

SVI.

Policing uses a token-bucket algorithm. As each frame is received by the switch, a token is added to the

bucket. The bucket has a hole in it and leaks at a rate that you specify as the average traffic rate in bits

per second. Each time a token is added to the bucket, the switch verifies that there is enough room in the

bucket. If there is not enough room, the packet is marked as nonconforming, and the specified policer

action is taken (dropped or marked down).

How quickly the bucket fills is a function of the bucket depth (burst-byte), the rate at which the tokens

are removed (rate-b/s), and the duration of the burst above the average rate. The size of the bucket

imposes an upper limit on the burst length and limits the number of frames that can be transmitted

back-to-back. If the burst is short, the bucket does not overflow, and no action is taken against the traffic

flow. However, if a burst is long and at a higher rate, the bucket overflows, and the policing actions are

taken against the frames in that burst.

You configure the bucket depth (the maximum burst that is tolerated before the bucket overflows) by

using the burst-byte option of the police policy-map class configuration command or the mls qos

aggregate-policer global configuration command. You configure how fast (the average rate) that the

tokens are removed from the bucket by using the rate-bps option of the police policy-map class

configuration command or the mls qos aggregate-policer global configuration command.

Figure 34-4 shows the policing and marking process when these types of policy maps are configured:

• A nonhierarchical policy map on a physical port.

• The interface level of a hierarchical policy map attached to an SVI. The physical ports are specified

in this secondary policy map.