QoS Traffic Policing (drop excess traffic)

Today, I was facing an issue with several users. These users were uploading big files on server (http). Unfortunately, they were using all available bandwidth. It's why, I have decided to police this specific traffic (any users to this server). With the following configuration, the bandwidth for users is limited at 3Mbps (configuration applied on a Layer 3 Switch):

• If the bandwidth exceeds 3Mbps, following packets are dropped:

access-list 100 permit tcp any 10.10.10.200 0.0.0.0 eq www

!

class-map match-all UserTraffic

match access-group 100

!

policy-map policeTraffic

class UserTraffic

    police 3000000 conform-action transmit  exceed-action drop

!

interface Vlan999

service-policy output policeTraffic

• Check statistics:

MYSWITCH#show policy-map  interface vlan 999

Vlan999

  Service-policy output: policeTraffic

    Class-map:UserTraffic (match-all)

      558663 packets, 827048161 bytes

      5 minute offered rate 3643000 bps, drop rate 645000 bps

      Match: access-group 100

      police:

          cir 3000000 bps, bc 93750 bytes

        conformed 460702 packets, 679305595 bytes; actions:

          transmit

        exceeded 97962 packets, 147744080 bytes; actions:

          drop

        conformed 2994000 bps, exceed 669000 bps

    Class-map: class-default (match-any)

      1626596 packets, 568490144 bytes

      5 minute offered rate 3555000 bps, drop rate 0 bps

      Match: any