Understanding policy-map – police (bc) and (be) parameters

While I was working on a packet loss issue with one of our customers, I found the results below.

First, we need to know what the (bc) and (be) values are used for. Policing uses the normal or Committed Burst (bc) and Excess Burst (be) values to ensure that the configured committed information rate (CIR) is reached. Policing decides whether a packet conforms to or exceeds the CIR based on the burst values you configure. During periods of congestion, proper configuration of the excess burst parameter enables the policer to drop packets less aggressively.

Policing uses the committed (normal) and excess burst values to ensure the router reaches the configured committed information rate (CIR).

Below are my troubleshooting steps to isolate the problem:

– The customer was facing packet loss when using an extended ping session with packet size 1500, while the average bandwidth usage of his 512K link was 250K.
– We used Cyber-Gauge to monitor the customer’s interface in real time, and it was between 250K and 300K of bandwidth.
– Packet loss disappeared after deleting the service-policy under the interface.
– We tried to limit his bandwidth with another solution, so we configured (rate-limit 512K) under his interface using the Normal and Maximum Burst values below. Packet loss disappeared and we were able to reach 512K using one ping session with 1500 packet size, with acceptable packet loss:

Router1(config-subif)#rate-limit input 512000 512000 512000 conform-action transmit exceed-action drop
Router1(config-subif)#rate-limit output 512000 512000 512000 conform-action transmit exceed-action drop

– We changed the burst values to the recommended values ** and got the same result as before.

Router1(config-subif)#rate-limit input 512000 96000 192000 conform-action transmit exceed-action drop
Router1(config-subif)#rate-limit output 512000 96000 192000 conform-action transmit exceed-action drop

We tested the customer’s scenario in our lab and found the results below:

Test-1) We configured our policy-map using the (CIR) value without adjusting the Committed Burst (bc) and Excess Burst (be) values, and found that the router uses the values below by default for CIR 512000 in our example:

R2#sh run | sec policy-map 512k
policy-map 512k
class class-default
police cir 512000
conform-action transmit
exceed-action drop
violate-action drop
R2#

R2#sh policy-map 512k
Policy Map 512k
Class class-default
police cir 512000 bc 16000 be 16000
conform-action transmit
exceed-action drop
violate-action drop
R2#

– The packet loss pattern is shown below.

R1#ping 10.10.10.2 re 1000 size 1500

Type escape sequence to abort.
Sending 1000, 1500-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.
!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!
!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!
!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!
!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!
!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!
!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!
!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!
!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!
!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!
!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!
!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!
!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!
!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!
!!.!!!!!!!!!!!!!.!!!
Success rate is 92 percent (928/1000), round-trip min/avg/max = 1/5/32 ms

– Interface can’t exceed full bandwidth during congestion (using one ping session with 1500 packet size) as shown below.

R2#sh int s0/0
Serial0/0 is up, line protocol is up
Hardware is M4T
Internet address is 10.10.10.2/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 11/255, rxload 12/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters 22:59:47
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 127
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
  30 second input rate 76000 bits/sec, 5 packets/sec
  30 second output rate 70000 bits/sec, 5 packets/sec

377959 packets input, 506800969 bytes, 0 no buffer
Received 9662 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
373714 packets output, 500419582 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
4 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

Test-2) We configured the (bc) value as 96000 (the Cisco-recommended value for CIR 512K **, shown later below) without adjusting the (be) value, and found that the router uses the configured (bc) value by default for the (be) value:

R2#sh run | sec policy-map 512k
policy-map 512k
class class-default
police cir 512000 bc 96000
conform-action transmit
exceed-action drop
violate-action drop
R2#
R2#
R2#sh policy-map 512k
Policy Map 512k
Class class-default
police cir 512000 bc 96000 be 96000
conform-action transmit
exceed-action drop
violate-action drop
R2#

– The packet loss pattern is shown below.

R1#ping 10.10.10.2 re 1000 size 1500

Type escape sequence to abort.
Sending 1000, 1500-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (988/1000), round-trip min/avg/max = 1/4/32 ms

– The interface can’t exceed full bandwidth during congestion (using one ping session with 1500 packet size), but the result is better than the last one, as shown below.

R2#sh int s0/0
Serial0/0 is up, line protocol is up
Hardware is M4T
Internet address is 10.10.10.2/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 63/255, rxload 63/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of “show interface” counters 23:01:55
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 128
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
  30 second input rate 387000 bits/sec, 33 packets/sec
  30 second output rate 382000 bits/sec, 33 packets/sec

380950 packets input, 511269465 bytes, 0 no buffer
Received 9678 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
376648 packets output, 504802350 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
4 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

Test-3) We configured the (bc) value as 96000 and (be) as 192000 (the Cisco-recommended values for CIR 512K **, shown later below):

R2#sh run | sec policy-map 512k
policy-map 512k
class class-default
police cir 512000 bc 96000 be 192000
conform-action transmit
exceed-action drop
violate-action drop
R2#
R2#
R2#sh policy-map 512k
Policy Map 512k
Class class-default
police cir 512000 bc 96000 be 192000
conform-action transmit
exceed-action drop
violate-action drop
R2#

– The packet loss pattern is shown below; it is the same as the last result.

R1#ping 10.10.10.2 re 1000 size 1500

Type escape sequence to abort.
Sending 1000, 1500-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (988/1000), round-trip min/avg/max = 1/4/32 ms

– The interface can’t exceed full bandwidth during congestion (using one ping session with 1500 packet size), but the result is better than the last one, as shown below.

R2#sh int s0/0
Serial0/0 is up, line protocol is up
Hardware is M4T
Internet address is 10.10.10.2/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 65/255, rxload 66/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters 23:03:20
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 130
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
 30 second input rate 402000 bits/sec, 32 packets/sec
  30 second output rate 398000 bits/sec, 32 packets/sec

383798 packets input, 515535537 bytes, 0 no buffer
Received 9687 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
379461 packets output, 509015782 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
4 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

** Cisco recommended formula for calculating (bc) and (be):

Committed Burst Calculation:

To calculate committed burst, use the following formula:

bc = CIR bps * (1 byte) / (8 bits) * 1.5 seconds

1.5 seconds is the typical round-trip time.

For example, if the committed information rate is 512000 bps, then using the committed burst formula, the committed burst is 96000 bytes.

bc = 512000 * 1/8 * 1.5

bc = 64000 * 1.5 = 96000

Excess Burst Calculation:

be = 2 * committed burst

For example, if you configure a committed burst of 4000 bytes, then using the excess burst formula, the excess burst is 8000 bytes.

be = 2 * 4000 = 8000

The reason for these drops is that ICMP traffic with packet size 1500 is policed very aggressively on the router, depending on how quickly this traffic is responded to and how much ICMP traffic is being sent.
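
A simplified model of the behaviour tested above, as an added example (not code from the original post or from Cisco): it computes bc and be with the formula quoted above and runs a single-rate, two-bucket policer over constructed traffic of 1500-byte packets sent every 20 ms. The function names, the 20 ms spacing and the refill model are assumptions. In this model, with exceed-action and violate-action both set to drop, the number of transmitted packets depends only on bc, which is consistent with Test-2 and Test-3 showing the same success rate.

```python
from fractions import Fraction

def recommended_bursts(cir_bps, rtt_s=Fraction(3, 2)):
    """bc = CIR/8 * 1.5 s and be = 2 * bc (the formula quoted on this page)."""
    bc = int(Fraction(cir_bps, 8) * rtt_s)
    return bc, 2 * bc

def police(cir_bps, bc, be, arrivals):
    """Classify (time_ms, size_bytes) arrivals with a single-rate, two-bucket
    policer (assumed model). Both buckets start full; refill goes to the
    conform bucket first and only its overflow reaches the exceed bucket."""
    conform, exceed, last = Fraction(bc), Fraction(be), None
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    for t_ms, size in arrivals:
        if last is not None:
            # Tokens (bytes) earned since the previous packet at the CIR
            conform += Fraction(cir_bps * (t_ms - last), 8000)
            if conform > bc:
                exceed = min(Fraction(be), exceed + conform - bc)
                conform = Fraction(bc)
        last = t_ms
        if conform >= size:
            conform -= size
            counts["conform"] += 1
        elif exceed >= size:
            exceed -= size
            counts["exceed"] += 1
        else:
            counts["violate"] += 1
    return counts

# Constructed traffic: 1000 packets of 1500 bytes, one every 20 ms
# (600 kbit/s offered against a 512 kbit/s CIR). Not the page's ping timing.
PINGS = [(i * 20, 1500) for i in range(1000)]

def run_tests(cir_bps=512000):
    bc, be = recommended_bursts(cir_bps)
    return {
        "test1": police(cir_bps, 16000, 16000, PINGS),  # IOS defaults seen on the page
        "test2": police(cir_bps, bc, bc, PINGS),        # bc 96000, be defaults to bc
        "test3": police(cir_bps, bc, be, PINGS),        # bc 96000, be 192000
    }

if __name__ == "__main__":
    for name, counts in run_tests().items():
        print(name, counts)
```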