two-rate Firewall Policer CIR & PIR

04.15.12   |  
‎04-15-2012 03:11 PM

Currently we assign customers a policer such as:


policer 10M {
    if-exceeding {
        bandwidth-limit 10m;
        burst-size-limit 1m;
    then discard;


I am wanting to change the way we do things and create a pool (size of internet we have) of say 100Mb. I then want to create CIR & PIR profiles and assign customers to these. At all points the CIR should be available to the customers, though if someone isn't using the CIR then allow them to use the PIR. For instance, the customer has a CIR of 10Mb but can reach 20Mb when other people aren't using their CIR.


I haven't been able to find many examples but here is one...


two-rate {
committed-information-rate 10m;
committed-burst-size 500k;
peak-information-rate 20m;
peak-burst-size 500k;


My question is,

1./ how do I create the pool of total available bandwidth to myself.

2./ How do I manage how long the customer can use PIR (i.e. if someone starts using their CIR reduce this customers PIR)

3./ Are my burst size's correct and how should these be calculated?

4./ Does this method use a lot more resources than our current implementation due to the token buckets?


Not many examples available on the internet or forums from what I can find.


Many thanks




Re: two-rate Firewall Policer CIR & PIR

04.16.12   |  
‎04-16-2012 08:16 PM

I think you are going to need to use a -Q card and build traffic control profiles.




I don't have an example of this though.


Re: two-rate Firewall Policer CIR & PIR

04.16.12   |  
‎04-16-2012 10:46 PM




not sure QoS per se solves this. Upstream one could mark traffic beyond CIR on a per customer basis and thereby ensure that on the backbone int a policer can distinguish between "below CIR" and "above CIR" and allow "above CIR" from various customers to compete for free bandwidth. But for downstream I don't see a way to properly do this ... But I'd love to see some more QoS adept reader correct me on this.


Best Regards



If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.