This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.
Each policer-control-policy must be created with a unique policy name. The name must given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
The create keyword is required when a new policy is being created and the system is configured for explicit object creation mode.
The description command is used to define an informational ASCII string associated with the policer control policy. The string value can be defined or changed at any time once the policy exists.
The no form of this command is used to remove an explicit description string from the policer.
The root node contains the policer control policies configuration parameters for the root arbiter. Within the node, the parent policer’s maximum rate limit can be set and the strict priority level shared and fair threshold portions may be defined per priority level.
The max-rate command defines the parent policer’s PIR leaky bucket’s decrement rate. A parent policer is created for each time the policer-control-policy is applied to either a SAP or
subscriber instance. Packets that are not discarded by the child policers associated with the SAP or
subscriber instance are evaluated against the parent policer’s PIR leaky bucket.
The policer-control-policy root max-rate setting may be overridden on each SAP or sub-profile where the policy is applied.
The max parameter is mutually exclusive with defining a
kilobits-per-second value. When max is specified, the parent policer does not enforce a maximum rate on the aggregate throughput of the child policers. This is the default setting when the
policer-control-policy is first created and is the value that the parent policer returns to when no max-rate is executed. In order for the parent policer to be effective, a kilobits-per-second value should be specified.
The no max-rate command returns the policer-control-policy’s parent policer maximum rate to max.
The priority-mbs-thresholds command contains the root arbiter parent policer’s
min-thresh-separation command and each priority level’s
mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority sensitive rate-based discards within the root arbiter’s parent policer.
The priority-mbs-thresholds CLI node always exists and does not need to be created.
The min-thresh-separation command defines the minimum required separation between each in-use discard threshold maintained for each parent policer context associated with the policer-control-policy. The min-thresh-separation value may be overridden on each SAP or sub-profile to which the policy is applied.
The second function the system uses the min-thresh-separation value for is determining the value per priority level for the fair-portion:
When the mbs-contribution command’s optional fixed keyword is defined for a priority level within the policy, the system will treat the defined
mbs-contribution value as an explicit definition of the priority level’s MBS. While the system will continue to track child policer associations with the parent policer priority levels, the association counters will have no effect. Instead the following rules will be used to determine a fixed priority level’s shared-portion and fair-portion:
•
|
If the mbs-contribution value is not set to zero:
|
mbs-contribution value less
min-thresh-separation value
Each time the min-thresh-separation value is modified, the thresholds for all instances of the parent policer created through association with this
policer-control-policy are reevaluated
The minimum value for min-thresh-separation should be set equal to the maximum size packet that will be handled by the parent policer. This ensures that when a lower priority packet is incrementing the bucket, the size of the increment will not cause the bucket's depth to equal or exceed a higher priority threshold. It also ensures that an unfair packet within a priority level cannot cause the PIR bucket to increment to the discard-all threshold within the priority.
In most circumstances, a value larger than the maximum packet size is not necessary. Management of priority level aggregate burst tolerance is intended to be implemented using the priority level mbs-contribution command. Setting a value larger than the maximum packet size will not adversely affect the policer performance, but it may increase the aggregate burst tolerance for each priority level.
The no form of this command returns the policy’s
min-thresh-separation value to the default value.
The size parameter is required when executing the min-thresh-separation command. It is expressed as an integer and specifies the shared portion in bytes or kilobytes that is selected by the trailing bytes or kilobytes keywords. If both bytes and kilobytes are missing, kilobytes is the assumed value. Setting this value has no effect on parent policer instances where the
min-thresh-separation value has been overridden.
The bytes keyword is optional and is mutually exclusive with the
kilobytes keyword. When specified, size is interpreted as specifying the size of
min-thresh-separation in bytes.
The kilobytes keyword is optional and is mutually exclusive with the
bytes keyword. When specified, size is interpreted as specifying the size of
min-thresh-separation in kilobytes.
The priority level command contains the
mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.
The mbs-contribution command is used to configure the policy-based burst tolerance for a parent policer instance created when the policy is applied to a SAP or
subscriber context. The system uses the parent policer’s
min-thresh-separation value, the priority level’s
mbs-contribution value and the number of child policers currently attached to the priority level to derive the priority level’s shared-portion and fair-portion of burst tolerance within the local priority level. The shared-portion and fair-portions for each priority level are then used by the system to calculate each priority level’s discard-unfair threshold and discard-all threshold. The mbs-contribution is the minimum separation between two adjacent active discard-all thresholds.
The value for a priority level’s mbs-contribution within the policer-control-policy may be overridden on the SAP or
subscribersub-profile where the policy is applied in order to allow fine tuning of the discard-unfair and discard-all thresholds relevant to the needs of the local child policers on the object.
When defining mbs-contribution, the specified size may only be a portion of the burst tolerance associated with the priority level. The packets associated with the priority level share the burst tolerance of lower within the parent policer. As the parent policer PIR bucket depth increases during congestion, the lower priority packets eventually experience discard based on each priority’s discard-unfair and discard-all thresholds. Assuming congestion continues once all the lower priority packets have been prevented from consuming bucket depth, the burst tolerance for the priority level will be consumed by its own packets and any packets associated with higher priorities.
In the most conservative case, a priority level’s mbs-contribution value may be set to be greater than the sum of child policer’s mbs and one max-size-frame per child policer. This ensures that even in the absolute worst case where all the lower priority levels are simultaneously bursting to the maximum capacity of each child, enough burst tolerance for the priority’s children will exist if they also burst to their maximum capacity.
In the default behavior, the system ignores the mbs-contribution values for a priority level on a
subscriber or SAP parent policer when a child policer is not currently associated with the level. This prevents additional burst tolerance from being added to higher priority traffic within the parent policer.
This does cause fluctuations in the defined threshold values when child policers are added or removed from a parent policer instance. If this behavior is undesirable, the fixed keyword may be used which causes the mbs-contribution value to always be included in the calculation of parent policer’s discard thresholds. The defined
mbs-contribution value may be overridden on a
subscriber sla-profile or on a SAP instance, but the fixed nature of the contribution cannot be overridden.
If the defined mbs-contribution value for the priority level is zero, the priority level will have no effect on the parent policer’s defined discard thresholds. A packet associated with the priority level will use the next lower priority level’s discard-unfair and discard-all thresholds.
The size parameter is required when executing the mbs-contribution command. It is expressed as an integer and specifies the priority’s specific portion amount of accumulative MBS for the priority level in bytes or kilobytes which is selected by the trailing
bytes or
kilobytes keywords. If both
bytes and
kilobytes are missing,
kilobytes is assumed. Setting this value has no effect on parent policer instances where the priority level’s
mbs-contribution value has been overridden.
The bytes keyword is optional and is mutually exclusive with the
kilobytes keyword. When specified, size is interpreted as specifying the size of
min-thresh-separation in bytes.
The kilobytes keyword is optional and is mutually exclusive with the
bytes keyword. When specified, size is interpreted as specifying the size of min-thresh-separation in kilobytes.
The optional fixed keyword is used to force the inclusion of the defined mbs-contribution value in the parent policer’s discard threshold calculations. If the
mbs-contribution command is executed without the
fixed keyword, the fixed calculation behavior for the priority level is removed.
The no mbs-contribution command returns the policy’s priority level’s MBS contribution to the default value. When changed, the thresholds for the priority level and all higher priority levels for all instances of the parent policer will be recalculated.
This command is used to create an arbiter within the context of tier 1 or
tier 2. An arbiter is a child policer bandwidth control object that manages the throughput of a set of child policers. An arbiter allows child policers or other arbiters to parent to one of eight strict levels. Each arbiter is itself parented to either another tiered arbiter or to the
root arbiter.
Each time the policer-control-policy is applied to either a SAP or
subscriber (through association with a sub-profile that has the policy applied), an instance of the parent policer and the arbiters is created.
You can create up to 31 tiered arbiters within the policer-control-policy on either tier 1 or tier 2 (in addition to the arbiter).
The no form of this command is used to remove an arbiter from tier 1 or tier 2. If the specified arbiter does not exist, the command returns without an error. If the specified arbiter is currently specified as the parent for another arbiter, the command will fail. When an arbiter is removed from a
policer-control-policy, all instances of the arbiter will also be removed. Any child policers currently parented to the arbiter instance will become orphans and will not be bandwidth managed by the policer control policy instances parent policer.
rate {kilobits-per-second | max
}
The arbiter’s policy defined rate value may be overridden at the SAP or sub-profile where the policer-control-policy is applied. Specifying an override prevents the arbiter from being removed from the policer control policy until the override is removed.
The no version of this command is used to remove a rate limit from the arbiter at the policer control policy level. The policy level rate limit for the arbiter will return to the default value of max. The
no rate command has no effect on instances of the arbiter where a rate limit override has been defined.
The kilobits-per-second parameter is mutually exclusive with the
max keyword. When specifying a value for
kilobits-per-second, enter an integer representing the rate limit in kilobits per second.
The max keyword is mutually exclusive with the
kilobits-per-second parameter. When
max is specified, the arbiter does not enforce a rate limit on its child policers or arbiters other than the individual rate limits enforced at the child level.
parent {root
|arbiter-name} [level
priority-level] [weight
weight-within-level]
The parent command is also used to define the parenting parameters. Each child arbiter attaches to its parent on one of the parents eight strict levels. Level 1 is the lowest and 8 is the highest. The level attribute is used to define which level the child arbiter uses on its parent. The parent distributes its available bandwidth based on strict priority starting with priority level 8 and proceeding towards level 1.
The weight attribute is used to define how multiple children at the same parent strict level compete when insufficient bandwidth exist on the parent for that level. Each child's weight is divided by the sum of the active children's weights and the result is multiplied by the available bandwidth. If a child cannot receive its entire weighted fair share of bandwidth due to a defined child rate limit, the remainder of its bandwidth is distributed between the other children based on their weights.
The no version of this command is used to return the tiered arbiter to the default parenting behavior. The arbiter will be attached to the root arbiter at priority level 1 with a weight of 1.
The root keyword is mutually exclusive with the
arbiter-name parameter. In tier 1,
arbiter-name is not allowed and only
root is accepted. When
root is specified, the arbiter will receive all bandwidth directly from the root arbiter. This is the default parent for tiered arbiters.
The arbiter-name parameter is mutually exclusive with the
root keyword. In tier 1,
arbiter-name is not allowed and only
root is accepted. The specified
arbiter-name must exist within the policer-control-policy at tier 1 or the parent command will fail. Once a tiered arbiter is acting as a parent for another tiered arbiter, the parent arbiter cannot be removed from the policy. The child arbiter will receive all bandwidth directly from its parent arbiter (which receives bandwidth from the root arbiter).
The level priority-level keyword and parameter are optional when executing the parent command. When
level is not specified, a default level of 1 is used in the parent arbiter. When
level is specified, the
priority-level parameter must be specified as an integer value from 1 through 8.
The weight weight-within-level keyword and parameter are optional when executing the parent command. When
weight is not specified, a default level of 1 is used in the parent arbiters priority level. When
weight is specified, the
weight-within-level parameter must be specified as an integer value from 1 through 100.