Traffic Shaping and Policing

4 Traffic Shaping and Policing

Overview

This module describes the QoS mechanisms that are used to limit the bandwidth available to traffic classes. It discusses two options: traffic policing and traffic shaping. Committed Access Rate (CAR) is discussed as a mechanism to provide traffic policing. Generic Traffic Shaping (GTS) and Frame Relay Traffic Shaping (FRTS) are discussed as traffic shaping mechanisms.

It includes the following topics:
• Traffic Shaping and Policing
• Generic Traffic Shaping
• Frame Relay Traffic Shaping
• Committed Access Rate

Objectives

Upon completion of this module, you will be able to perform the following tasks:
• Describe and configure Generic Traffic Shaping (GTS)
• Describe and configure Frame Relay Traffic Shaping (FRTS)
• Describe and configure Committed Access Rate (CAR)
• Identify other mechanisms that support traffic shaping and policing (Class-based Policing and Class-based Shaping)

IP QoS Traffic Shaping and Policing. Copyright © 2001, Cisco Systems, Inc.

Traffic Shaping and Policing

Overview

The lesson introduces mechanisms for traffic policing and traffic shaping. Committed Access Rate (CAR), Generic Traffic Shaping (GTS) and Frame Relay Traffic Shaping (FRTS) are introduced in this section.

Objectives

Upon completion of this lesson, you will be able to perform the following tasks:
• Describe the need for implementing traffic policing and shaping mechanisms
• List traffic policing and shaping mechanisms available in Cisco IOS
• Describe the benefits and drawbacks of traffic shaping and policing mechanisms
Traffic Shaping and Policing

• Traffic Shaping and Policing mechanisms are used to rate-limit traffic classes
• They have to be able to classify packets and meter their rate of arrival
• Traffic Shaping delays excess packets to stay within the rate limit
• Traffic Policing typically drops excess traffic to stay within the limit; alternatively it can remark excess traffic

[Figure: a traffic stream passing through Classifier, Meter, Marker and Dropper]

Both shaping and policing mechanisms are used in a network to control the rate at which traffic is admitted into the network. Both mechanisms use classification, so they can differentiate traffic. They also use metering to measure the rate of traffic and compare it to the configured shaping or policing policy.

The difference between shaping and policing can be described in terms of their rate-limiting implementation:
• Shaping meters the traffic rate and delays excessive traffic so that it stays within the desired rate limit. With shaping, traffic bursts are smoothed out, producing a steadier flow of data. Reducing traffic bursts helps reduce congestion in the core of the network.
• Policing drops excess traffic in order to control traffic flow within specified limits. Policing does not introduce any delay to traffic that conforms to traffic policies. It can, however, cause more TCP retransmissions, because traffic in excess of specified limits is dropped.
Why Use Rate Limiting

• To handle congestion at ingress to ATM/FR network with asymmetric link bandwidths
• To limit access to resources when high-speed access is used but not desired
• To limit certain applications or classes
• To implement a virtual TDM system

Rate limiting is typically used to satisfy one of the following requirements:
• Prevent and manage congestion in ATM and Frame Relay networks, where asymmetric bandwidths are used along the traffic path. This prevents the Layer-2 network from dropping large amounts of traffic by differentially dropping excess traffic at ingress to the ATM or Frame Relay networks based on Layer-3 information (for example: IP precedence, DSCP, access list, protocol type, etc.)
• Limit the access rate on an interface when high-speed physical infrastructure is used in transport, but sub-rate access is desired.
• Engineer bandwidth so that traffic rates to certain applications or classes of traffic follow a specified traffic-rate policy.
• Implement a virtual TDM system, where an IP network is used, but has the bandwidth characteristics of a TDM system (that is, fixed maximum available bandwidth). Inbound and outbound policing can, for example, be used on one router to split a single point-to-point link into two or more virtual point-to-point links by assigning a portion of the bandwidth to each class, thus preventing any class from monopolizing the link in either direction.
Typical Traffic Shaping or Policing Applications

[Figure, three panels: (1) a WAN between a high-speed link and a low-speed link, where the output interface is not congested so queuing and WRED do not work, and congestion in the WAN results in non-intelligent Layer-2 drops; (2) limiting access to resources, with a server farm reaching the Internet over FastEthernet at 256 kbps, 64 kbps and 128 kbps; (3) implementing a virtual TDM or leased line over a single physical link on one side]

The figure shows three possible applications of rate-limiting (shaping or policing) mechanisms.

The first picture shows a Layer-2 WAN with unequal link bandwidths along a Layer-3 path. The ingress (left side) of the network has a high-speed link available into the Layer-2 backbone, which enables it to send traffic at a high rate. At the egress side, the sent traffic hits a low-speed link, and the Layer-2 network is forced to drop a large amount of traffic. If traffic is rate-limited at the ingress, optimal traffic flow occurs, resulting in minimal dropping by the Layer-2 network.

The second picture shows a hosting farm, which is accessible from the Internet via a shared link. Depending on the service contract, the hosting provider may offer different bandwidth guarantees to customers, and may want to limit the resources a particular server uses. Rate limiting can be used to divide the shared resource (upstream link) between many servers.

The third example shows the option of implementing virtual leased lines over a Layer-3 infrastructure, where rate-limited reserved bandwidth is available over a shared link.

Shaping vs. Policing

• Benefits of Shaping
– Shaping does not drop packets
– Shaping supports interaction with Frame Relay congestion indication
• Benefits of Policing
– Policing supports marking
– Less buffer usage (shaping requires an additional queuing system)

A shaper typically delays excess traffic using a buffer, or mechanism, to hold packets and shape the flow when the data rate of the source is higher than expected. Traffic shaping smooths traffic by storing traffic above the configured rate in a queue. Therefore, shaping increases buffer utilization on a router and causes non-deterministic packet delays. Shaping can also interact with a Frame Relay network, adapting to indications of Layer-2 congestion in the WAN.

A policer typically:
• Drops non-conforming traffic
• Supports marking of traffic
• Is more efficient in terms of memory utilization (no additional buffering of packets is needed)
• Does not increase buffer usage

Both policing and shaping ensure that traffic does not exceed a bandwidth limit, but they have different impacts on the traffic:
• Policing drops packets more often, generally causing more retransmissions of connection-oriented protocols
• Shaping adds variable delay to traffic, possibly causing jitter

How do Routers Measure Traffic Rate

• Routers use the Token Bucket mathematical model to keep track of packet arrival rate
• The Token Bucket model is used whenever a new packet is processed
• The return value is conform or exceed

[Figure: bandwidth over time, showing the link bandwidth, the rate limit, conforming traffic below the limit and exceeding traffic above it]

In order to perform rate limiting, routers must meter (or measure) traffic rates through their interfaces.
To enforce a rate limit, metered traffic is said to:
• Conform to the rate limit, if the rate of traffic is below or equal to the configured rate limit
• Exceed the rate limit, if the rate of traffic is above the configured rate limit

The metering is usually performed with an abstract model called a token bucket, which is used when processing each packet. The token bucket can calculate whether the current packet conforms to or exceeds the configured rate limit on an interface.

Token Bucket

[Figure: a token bucket holding 700 tokens; a 500-byte packet arrives, the conform action is taken and 200 tokens remain]

The token bucket is a mathematical model used in a device that regulates the data flow. The model has two basic components:
• Tokens: each token represents the permission to send a fixed number of bits into the network
• The bucket: has the capacity to hold a specified amount of tokens

Tokens are put into the bucket at a certain rate by the operating system. Each incoming packet, if forwarded, takes tokens from the bucket, representing the packet's size. If the bucket fills to capacity, newly arriving tokens are discarded. Discarded tokens are not available to future packets.

If there are not enough tokens in the bucket to send the packet, the regulator may:
• Wait for enough tokens to accumulate in the bucket (traffic shaping)
• Discard the packet (policing)

The figure shows a token bucket, with the current capacity of 700 bytes. When a 500-byte packet arrives at the interface, its size is compared to the bucket capacity (in bytes). The packet conforms to the rate limit (500 bytes < 700 bytes), and the packet is forwarded. 500 tokens are taken out of the token bucket, leaving 200 tokens for the next packet.
Token Bucket

[Figure: a token bucket holding 200 tokens; a 300-byte packet arrives and the exceed action is taken]

When the next packet arrives immediately after the first packet, and no new tokens have been added to the bucket (which is done periodically), the packet exceeds the rate limit. The packet size is greater than the current capacity of the bucket, and the exceed action is performed (drop in the case of pure policing, delay in the case of shaping).

Token Bucket

• Bc is normal burst size (specifies sustained rate)
• Be is excess burst size (specifies length of burst)
• Bucket capacity is Bc + Be
• Bc of tokens is added every Tc [ms]
• Tc = Bc / CIR

[Figure: link utilization over time in intervals Tc, 2*Tc, 3*Tc, 4*Tc, 5*Tc, showing Bc sent in each interval, the excess burst Be, the link bandwidth and the average bandwidth (CIR)]

Token bucket implementations usually rely on three parameters: CIR, Bc and Be. CIR is the Committed Information Rate (also called the committed rate, or the shaped rate). Bc is known as the burst capacity. Be is known as the excess burst capacity. Tc is an interval constant that represents time. A Bc of tokens is forwarded without constraint in every Tc interval.

In the token bucket metaphor, tokens are put into the bucket at a certain rate, which is Bc tokens every Tc seconds. The bucket itself has a specified capacity. If the bucket fills to capacity (Bc + Be), it will overflow and therefore newly arriving tokens are discarded. Each token grants permission for a source to send a certain number of bits into the network. To send a packet, the regulator must remove from the bucket the number of tokens that corresponds to the packet size.

For example, if 8000 bytes worth of tokens are placed in the bucket every 125 milliseconds, the router can steadily transmit 8000 bytes every 125 milliseconds, if traffic constantly arrives at the router.
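The token bucket described above, written as a short Python simulation (an added example, not part of the Cisco course material). It counts tokens in bytes, advances time in whole Tc intervals, and uses a plain FIFO as the shaper's delay queue; the class and function names are illustrative assumptions.

```python
from collections import deque

class TokenBucket:
    """Byte-counting token bucket: Bc tokens are added every Tc, capacity is Bc + Be."""
    def __init__(self, cir, bc, be=0, tokens=None):
        self.bc = bc                  # normal burst: bytes of tokens added per interval
        self.capacity = bc + be       # tokens arriving at a full bucket are discarded
        self.tc = bc / cir            # Tc = Bc / CIR in seconds (CIR in bytes/s here)
        self.tokens = self.capacity if tokens is None else tokens

    def refill(self, intervals=1):
        self.tokens = min(self.capacity, self.tokens + self.bc * intervals)

    def take(self, size):
        """Meter one packet: remove its size in tokens if it conforms."""
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

def police(bucket, arrivals):
    """arrivals[i] lists packet sizes arriving in interval i; exceeding packets are dropped."""
    verdicts = []
    for i, sizes in enumerate(arrivals):
        if i:
            bucket.refill()           # one Tc has elapsed since the previous interval
        verdicts.append(["conform" if bucket.take(s) else "exceed" for s in sizes])
    return verdicts

def shape(bucket, arrivals):
    """Same meter plus a FIFO delay queue; returns the sizes sent in each interval."""
    if any(s > bucket.capacity for sizes in arrivals for s in sizes):
        raise ValueError("a packet larger than Bc + Be can never conform")
    queue, sent, i = deque(), [], 0
    while i < len(arrivals) or queue:
        if i:
            bucket.refill()
        if i < len(arrivals):
            queue.extend(arrivals[i])
        out = []
        while queue and bucket.take(queue[0]):   # head of queue waits for tokens
            out.append(queue.popleft())
        sent.append(out)
        i += 1
    return sent

if __name__ == "__main__":
    # Constructed input matching the figures: 700 tokens, then a 500- and a 300-byte packet.
    print(police(TokenBucket(64000, 8000, tokens=700), [[500, 300]]))
    print(shape(TokenBucket(64000, 8000, tokens=700), [[500, 300]]))
    # Constructed burst: an idle bucket with Bc = Be = 8000 holds 16000 tokens.
    print(police(TokenBucket(64000, 8000, be=8000), [[8000, 8000, 8000]]))
```

The policer drops the 300-byte packet, while the shaper holds it for one Tc and sends it after the next refill.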
If there is no traffic at all, 8000 bytes per 125 milliseconds get accumulated in the bucket, up to the maximum size (Bc + Be). One second's accumulation therefore collects 64000 bytes worth of tokens, which can be transmitted immediately in the case of a burst. The upper limit, Bc + Be, defines the maximum amount of data that can be transmitted in a single burst at the line rate.

Note: Again, note that the token bucket mechanism used for traffic shaping has both a token bucket and a queue used to delay packets. If the token bucket did not have a data buffer, it would be a policer. For traffic shaping, packets that arrive and cannot be sent immediately (because there are not enough tokens in the bucket) are delayed in the data buffer.

[...]

...
– Generic Traffic Shaping (GTS)
– Frame Relay Traffic Shaping (FRTS)
– Class-based Shaping
Policing Mechanisms:
– Committed Access Rate (CAR)
– Class-based Policing

There are five token-bucket based rate-limiting methods available in Cisco IOS. Three methods are shaping mechanisms:
• Generic traffic shaping
• Frame Relay traffic shaping ...

... traffic-shape group commands can be configured on the same interface
• The traffic-shape rate and traffic-shape group commands cannot be mixed on the same interface
• Separate token bucket and shaping queue is maintained for each traffic-shape group command
• Traffic not matching any access list is not shaped

Classification of traffic ...

... and shaping mechanisms
• List traffic policing and shaping mechanisms available in Cisco IOS
• Describe the benefits and drawbacks of traffic shaping and policing mechanisms

Lesson Review

Answer the following questions:
1. How do shaping and policing mechanisms keep track of the traffic rate?
2. Which shaping mechanisms are available with the Cisco IOS software?
3. Which policing mechanisms are available ...
... mechanism
• Monitor and troubleshoot GTS

Generic Traffic Shaping

[Figure: a traffic stream passing through Classifier, Meter, Marker, Shaper and Dropper]

• Can shape multiple classes (classification)
• Can measure traffic rate of individual classes (metering)
• Delays packets of exceeding classes (shaping)

... separate token buckets and shaping queues for each class, as differentiated by the access list specification. Traffic not matching any access list bypasses traffic shaping and is immediately sent to the software or hardware interface queue. Use the traffic-shape rate command if no classification is needed and shaping should be applied to all traffic. Remember that the traffic-shape group command using an IP ...

[Figure: show traffic-shape statistics output; callout: subset of the previous number of packets/bytes delayed via the WFQ queue]

The show traffic-shape statistics command displays the statistics of traffic shaping for all the configured interfaces. Displayed in the output is:
• The interface where the traffic-shape rate or traffic-shape group command ...

GTS Building Blocks

[Figure: the forwarder passes packets through a chain of classifiers; a match (Yes) sends the packet to that class's Shaping and WFQ stage, no match (No) passes it to the next classifier, and all paths end at the physical interface queue(s)]

GTS is implemented as a queuing mechanism, where there are separate WFQ delay queues implemented for each traffic class ...
... be done on both the inbound and outbound interfaces

The figure shows the router configuration required to implement this service. All the output traffic is shaped, and the shaping needs to be configured on all customer edge sites, which will perform admission control using GTS ...

... web traffic never uses more than 64 Kbps on the access link. The router configuration is shown in the figure, using default parameters for traffic bursts. An access list defines web traffic as the only shaped traffic. All other traffic bypasses GTS and can use the full access line bandwidth.

Monitoring GTS

Router(config)# show traffic-shape ...

... figure shows the results of the show traffic-shape command issued on a router that shapes traffic to 100 kbps with Bc and Be set to 8000. To display the current traffic-shaping configuration, use the show traffic-shape command. To display the current traffic-shaping statistics, use the show traffic-shape statistics command. Output of both the commands is detailed in the ensuing figures. Information displayed ...

Date posted: 05/11/2013, 12:15
