Configuration rules and considerations for policer, Limitations for policer, Considerations for vlags with policer – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Configuration rules and considerations for Policer

The following are rules for configuring maps and using policing parameters for the Policer feature:

• A policy-map, class map, priority-map name must be unique among all maps of that type.
• A policy-map is not supported on an ISL port.
• A Policer name must begin with a-z, or A-Z. You can use underscore, hyphen, and numeric values

0-9 except as the first character.

• You cannot delete a policy-map, class map, or priority-map if is active on the interface.
• You cannot delete a class map from a policy-map when the policy-map is active on the interface.
• Configure CIR and EIR in multiples of 40000 bps.
• Percentage as a rate limit is not supported,
• Policer actions are applicable only to data traffic. Control traffic, FCoE, and internal VLAN traffic is

not subjected to policing.

• The egress Policer can overwrite ingress Policer results such as CoS mapping and DSCP mapping.
• If a policy-map is applied to an interface and no Policer attributes are present in that policy-map, then

ingress and egress packets on that interface is marked as green (conforming).

• If the configured CBS value is less than 2*MTU value, then 2*MTU is programmed as the CBS in the

hardware. For example, if you configure CBS at 4000 bytes and the MTU on an interface is 3000
bytes, when a policy-map is applied on this interface, the CBS programmed in the hardware is
2*MTU (6000 bytes).

• If CBS and EBS values are not configured, then these values are derived from CIR and EIR values,

respectively. Burst size calculation is as follows: Burst size (cbs or ebs) =
1.2*information rate (CIR/EIR)/8

• If you do not configure EIR and EBS, then the single-rate, two-color scheme is applied (packets are

marked as either green or red).

• You must configure rate limit threshold values on an interface based on interface speed. No

validation is performed for user-configured values against interface speed.

Limitations for Policer

• The incremental step size for CIR or EIR is set to 40000 bps.
• The Policer operates in color-blind mode. In other words, color is evaluated at ingress and egress

Policers independently. This may result in packets that are marked as yellow in the inbound Policer
to be evaluated as green at the outbound Policer, depending on Policer settings.

• Because inbound queue scheduling is performed before outbound policing, setting traffic class (set-

conform-tc or set-exceed-tc) based on policing results does not affect packet forwarding at the
outbound side.

• Packets drops caused by any action other than ACLs are included in Policer counters.
• Layer 3 control packets are policed at the outbound side.
• Policing is enabled on lossless priorities at the outbound side.

Considerations for vLAGs with Policer

Because a virtual link aggregation group (vLAG) spans multiple switches, it is not possible to associate
flows on each LAG member port to a common Policer. Instead, apply the same policy-map on individual
member ports so that traffic flow on member ports is controlled by a Policer configured on that member
port. The total rate-limit threshold value on a vLAG consists of the cumulative values of rate-limit
thresholds on all member ports.

Policer behavior for control packets

Port-based Policer behavior for Layer 2 and Layer 3 control packets is shown in the table below.

Configuration rules and considerations for Policer

Network OS Administrator’s Guide

485

53-1003225-04