5.3 Traffic Policing and Traffic Shaping

Traffic policing measures the bit rate of incoming and outgoing data and ensures that the bit rate specified for the data is not exceeded. This is done by counting the bits or bytes transmitted over a period of time. Traffic shaping also measures the rate of incoming and outgoing data, but queues the packets that exceed the bit rate. These packets are then taken from the queue at the defined shaping rate. Traffic shaping and policing typically take place at the network edge between two different networks. When a router transmits traffic that has exceeded the contracted traffic rate, traffic policing drops the excess packets. Traffic shaping, on the other hand, slows the rate at which traffic is transmitted to ensure that the contract is not exceeded.

Traffic policing may be necessary when a neighboring network can send more traffic than the traffic contract allows. This can result in full queues, dropped packets, and high delay and jitter for multimedia traffic. Traffic policing therefore ensures that the network is not flooded by traffic when a neighboring network sends more traffic than the contracted traffic rate. Instead of dropping a packet when the traffic rate is surpassed, a policer can merely mark the packet with a different IP precedence or DSCP value. When the packet is marked down, other QoS tools would discard the packet at another point in the network when the traffic rate is exceeded. When the network is not as congested, the marked packet would move through the network. ISPs can choose to police traffic at the contracted rate, to police traffic at a point between the contracted rate and the access link clock rate, or not to police traffic. When policing is used in a Frame Relay or ATM network, it ensures that the network is not congested when traffic is transmitted more rapidly than the contracted rate.

Traffic shaping is normally carried out on packets that are departing from the router and moving to another network, such as the link to an ISP, or the edge between a router and a multi-access WAN. Traffic shaping can be used to delay the traffic when a neighboring network polices traffic. Shaping can also assist in decreasing egress blocking by shifting the queues from within the service provider cloud to the organization's routers. By doing this, shaping permits the router queuing QoS tools to service the traffic types.

Traffic Shaping Terminology

Term: Meaning

  • Bc: The committed burst size, measured in bits, is the amount of traffic that can be transmitted over a time interval.

  • Be: The excess burst size, which is the number of bits above Bc that can be transmitted once an interval of idleness has passed.

  • Shaped Rate: The shaped rate is the rate that traffic should be shaped to. This rate is defined in bits per second.

  • Tc: The time interval when the Bc can be transmitted. Tc is measured in milliseconds.

Routers send bits from an interface at the physical clock rate of that interface. In order to ensure that the average bit rate is below the clock rate, the router would need to transmit packets during a particular duration of time only. For the rest of the time, the router would not transmit any packets. Traffic shaping identifies this period of time, and the number of bits that can be transmitted during that time duration, to ensure that traffic stays within the shaped rate. In this scenario, assume that a router has an access rate of 128 kbps and a Committed Information Rate (CIR) of 64 kbps. The CIR defines the rate specified in the traffic contract (in bits per second). When traffic is shaped to equal the CIR, the router only transmits traffic for half of the time at 128 kbps. The average over time is therefore 64 kbps. Traffic shaping therefore sends traffic for half of the time in every Tc. In reality, traffic shaping does not start sending bits and then stop transmitting them. It works out the number of bits, known as the Committed Burst (Bc), that should be sent in each time interval to stay within the confines of the shaping rate. The bits associated with the Bc flow at the physical link rate.

When enabling and configuring traffic shaping, only the shaped rate must be defined. It is optional to specify the Bc. When only the shaped rate is specified, IOS calculates the Bc by assuming that the Tc is 125ms. The Tc length can affect delay and jitter for a packet experiencing shaping. At T1 speed, the Bc amount of bits for each interval is transmitted fairly quickly.

The Bc is calculated using the following formulae:

Bc = Tc x CIR

or

Bc = Tc x Shaped rate

where the shaped rate is not equal to the CIR.

When the shaped rate and the Bc are specified, the following formulae are used to calculate the Tc:

Tc = Bc / CIR

or

Tc = Bc / Shaped Rate

where the shaped rate is not equal to the CIR.

For delay sensitive traffic, the Bc should be set to a value that ensures the Tc is 10ms or below. Traffic shaping includes an additional feature that can be configured, known as the Be. The Bc of bits must be used in a single Tc period of time simply because every interval commences with the Bc of bits. Be is used by traffic shaping to transmit greater than Bc during intervals when activity is low. In an interval it is possible for Bc and Be to be transmitted.
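The Bc/Tc arithmetic and the role of Be described above can be worked through in a short simulation. This is an added example, not code from the original text or from IOS; the function names, the 1000-bit packet size and the simplified token model (Bc credited per Tc, unused credit kept up to Bc + Be) are assumptions made for illustration.

```python
from collections import deque


def shaping_params(shaped_rate_bps, bc_bits=None, default_tc_s=0.125):
    """Return (Bc in bits, Tc in seconds) for a shaped rate.

    Only the rate given: Bc = Tc x shaped rate, with Tc assumed to be 125 ms.
    Rate and Bc given:   Tc = Bc / shaped rate.
    """
    if bc_bits is None:
        return int(shaped_rate_bps * default_tc_s), default_tc_s
    return bc_bits, bc_bits / shaped_rate_bps


def link_busy_fraction(shaped_rate_bps, clock_rate_bps):
    """Fraction of each Tc spent sending, since Bc leaves at the clock rate."""
    return shaped_rate_bps / clock_rate_bps


def shape(arrivals, bc_bits, be_bits=0, peak=False):
    """Simulate a shaper interval by interval (simplified model, assumption).

    arrivals[i] is a list of packet sizes in bits arriving at the start of
    interval i. Each Tc credits Bc bits (or Bc + Be in 'peak' mode); unused
    credit is kept up to Bc + Be, so Be is only available after idle time in
    the default 'average' mode. Returns the bits sent in each Tc until the
    shaping queue is empty.
    """
    if bc_bits <= 0:
        raise ValueError("Bc must be positive")
    capacity = bc_bits + be_bits
    refill = capacity if peak else bc_bits
    queue, tokens, sent_per_tc = deque(), 0, []
    i = 0
    while i < len(arrivals) or queue:
        if i < len(arrivals):
            for size in arrivals[i]:
                if size > capacity:
                    raise ValueError("packet larger than Bc + Be is never sent")
                queue.append(size)
        tokens = min(tokens + refill, capacity)
        sent = 0
        # Packets that do not fit the remaining credit wait in the queue.
        while queue and queue[0] <= tokens:
            size = queue.popleft()
            tokens -= size
            sent += size
        sent_per_tc.append(sent)
        i += 1
    return sent_per_tc


# Constructed input: two idle intervals, then a burst of forty 1000-bit packets.
CONSTRUCTED_BURST = [[], [], [1000] * 40]

if __name__ == "__main__":
    bc, tc = shaping_params(64000)              # the 64 kbps CIR scenario
    print("Bc =", bc, "bits, Tc =", tc * 1000, "ms")
    print("busy fraction at 128 kbps:", link_busy_fraction(64000, 128000))
    print("Bc for Tc = 10 ms:", int(64000 * 0.010), "bits")
    print("no Be  :", shape(CONSTRUCTED_BURST, bc))
    print("average:", shape(CONSTRUCTED_BURST, bc, be_bits=8000))
    print("peak   :", shape(CONSTRUCTED_BURST, bc, be_bits=8000, peak=True))
```

The number of entries in each result multiplied by Tc shows how long the burst sits in the shaping queue, which is the delay that a smaller Tc is meant to limit for delay-sensitive traffic.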

The rate at which traffic shaping shapes traffic can differ during times of congestion. Traffic shaping adaptation can decrease the shaping rate at these times to assist in alleviating congestion. Once congestion is alleviated, the shaping rate is brought back to its original rate. To do this, the shaper must be able to determine when congestion takes place, and must also be able to amend the shaping rate according to times of congestion and times of no congestion. Frame Relay data frames can have the Forward Explicit Congestion Notification (FECN) and Backward Explicit Congestion Notification (BECN) bit set. The BECN bit is set within the frame header. The BECN indicates if congestion has occurred in the direction opposite to the direction of the frame. When a router receives a BECN, the shaping rate is lessened to the minimum shaping rate, or Minimum Information Rate (MIR). The minimum rate is also referred to as the mincir. The maximum shaping rate is used when no congestion takes place. Similarly, signaling frames called foresight messages can be transmitted from Cisco / Stratacom WAN switches. These messages can be interpreted by Cisco routers and are non-data signaling frames. The foresight messages are transmitted to the actual device that should decrease its shaping rate.

Queuing tools can be used for the output queues of interfaces, and queuing tools can be used on the packets in the traffic shaping queues. When both the output interface and the traffic shaper utilize queuing tools, the shaping queues exist separately from the interface output queues. In some instances, the shaping or interface output queues are sidestepped. This occurs because a packet that does not require shaping is placed straight into the interface output queue. Likewise, when the TX Queue is not full, a packet is placed straight into the TX Queue.

The following queuing tools can be used by the traffic shaping QoS tools:

  • Class Based Shaping (CB Shaping): CBWFQ, FIFO, LLQ and WFQ

  • Distributed Traffic Shaping (DTS): CBWFQ, FIFO, LLQ and WFQ

  • Frame Relay Traffic Shaping (FRTS): CBWFQ, CQ, FIFO, LLQ, PQ and WFQ

  • Generic Traffic Shaping (GTS): WFQ

Traffic shaping can be enabled on the physical interface, sub-interface or on single VCs. Traffic shaping can be applied to the following possible combination of locations. The shaping requirement for each location is noted as well:

  • On point to point links where there are no VCs, shaping is applied on the main interface.

  • On a physical interface with no sub-interfaces and one VC, traffic shaping would shape the single VC related to the physical interface. Shaping can be applied to the interface.

  • On a physical interface with a sub-interface and a VC, traffic shaping would shape the single VC related to the physical interface. Shaping can be applied to the interface, the sub-interface or the VC / Data Link Connection Identifier (DLCI).

  • On an interface with multiple VCs / point to point interfaces, shaping can be applied on each DLCI or sub-interface

  • On an interface with multiple VCs and multipoint sub-interfaces with multiple VCs for the subinterfaces, shaping in this instance should be applied on every DLCI.

With traffic policing, packets are classified according to whether they are within the traffic contract or outside the traffic contract. This determines whether the packet is permitted through, discarded or re-marked. The processing logic related to the Committed Access Rate (CAR), and that related to CB Policing are not exactly the same.

CAR actually determines if a packet is within the traffic contract or has surpassed the traffic contract. Each packet is classified when it reaches the traffic policer. CAR makes use of the Tc value that is computed in the same manner as with traffic shaping. The policing rate and Bc values are defined by the configuration. CAR calculates the Tc value, using the following formula:

Tc = Bc / Policed Rate

When the Be option is not used, the collective number of bytes of the packets in one Tc interval determines if the packets are within the confines of the traffic contract, or if the traffic contract has been surpassed. Packets therefore surpass the traffic contract when more than Bc bytes arrive for transmission.

When Be is configured, CAR is capable of determining when the additional bytes identified by Be are used. Packets are classified in the same manner as if Be is not used, that is, as within the contract or surpassing the contract. Packets are classified before the upper limit of Be is reached. Some packets are dropped prior to the whole of Be being used. The notion behind this is to decrease the rate at which traffic is being transmitted, and with it congestion. When the number of bytes of a packet is below or equivalent to Bc bytes, the packet is within the traffic contract. When the number of bytes of the packet surpasses Bc bytes, the CAR algorithm uses debt calculations to ascertain if the packet is within the contract or has exceeded the contract. Be can be used, and in this instance the actual debt (Da) owing to Be is the bytes needed to pass on the packet. The Da is increased whenever Be is used. When Be is being used, the compound debt (Dc) value is calculated. Whenever Da increases, Dc also increases. However, Dc increases more swiftly than Da because of the formula used to calculate Dc. The packet is only passed on if Dc is less than Be.

The following formula is used to calculate Dc:

Dc = Old Dc + New Da

The Dc value increases to the point that it exceeds Be. At this point, the packet has surpassed the traffic contract. Dc is then set back to 0. When a packet arrives that exceeds Bc and Be, the packet is no longer within the boundaries of the contract.

Traffic shaping queues the extra packets, while traffic policing drops any exceeding packets. However, with policing, packets are marked when they are not dropped immediately. A marked packet is more likely to be dropped further on in the network should congestion take place.

5.3.1 Traffic Shaping QoS Tools

5.3.1.1 Generic Traffic Shaping (GTS)

GTS can classify and shape traffic, and can be applied to a number of interfaces and sub-interfaces. GTS supports FR, ATM, LAN, PPP and HDLC interfaces. GTS can shape a subset of the traffic on an interface. This is done by classifying traffic with an ACL. Traffic that is allowed by the ACL is shaped according to the values defined on the same command. WFQ is the only queuing tool that can be used for a shaping queue. Therefore, there is no Low Latency option available. GTS can change the shaping rate according to the BECN signal. With GTS, traffic shaping takes place when:

  • The Bc and Be are surpassed.

  • Adaptive shaping drops the shaping rate in response to a BECN signal.

  • Frame Relay fragmentation is enabled as well.

The following commands are relevant to GTS:

  • traffic-shape rate bit-rate [burst-size [excess-burst-size]]: Used in interface configuration mode, this command is used to enable GTS for a shaped rate. The command contains the Bc and Be settings as options.

  • traffic-shape group access-list bit-rate [burst-size [excess-burst-size]]: This command, used in interface configuration mode, also enables GTS for a shaped rate. GTS in this instance is only enabled for traffic allowed by the associated ACL.

  • traffic-shape adaptive bit-rate: This command is used to allow for adaptive shaping. The minimum shaped rate is set.

  • traffic-shape fecn-adapt: This command is used to enable the signaling of BECNs after a FECN is received.

  • show traffic-shape [interface-type interface-number]: This command displays traffic shaping configuration information.

  • show traffic-shape statistics [interface-type interface-number]: This command displays statistics on the GTS shaping process

  • show traffic-shape queue [interface-number [dlci dlci-number]]: This command shows statistical information on the queuing tool connected to the shaping queue.

5.3.1.2 Class Based Traffic Shaping

CB shaping can classify and shape traffic, and can be applied to a number of interfaces and sub-interfaces. CB shaping also supports FR, ATM, LAN, PPP and HDLC interfaces. WFQ, LLQ, CBWFQ and FIFO are the queuing tools that can be used for a shaping queue. CB shaping also supports adaptive shaping. MQC is used for configuring CB shaping. By using the shape average command, CB shaping can be set to operate in the same manner as GTS. Here, for each Tc, CB shaping would transmit Bc bits. Following times of low activity, CB shaping would transmit Bc and Be bits. An alternative to this CB shaping process is to allow CB shaping to transmit Bc and Be bits in each time interval. This is done using the shape peak command.

The commands listed under CB marking are used with CB Shaping. The commands that are listed below are those commands not mentioned previously. These commands are used in policy map class configuration mode:

  • shape [average | peak] mean-rate [[burst-size][excess-burst-size]]: This command enables shaping for the class and defines the shaping rate. The Bc and Be options can be set. The average option results in shaping taking place in the same manner as shaping is performed by GTS. The peak option enables Bc and Be to be transmitted for each Tc.

  • shape adaptive min-rate: This command is used to allow for adaptive shaping. The minimum shaped rate is set.

  • shape fecn-adapt: This command is used to enable the signaling of BECNs after a FECN is received.

The following command is used in interface or sub-interface configuration mode to enable CB shaping on the interface

  • service-policy {input | output} policy-map-name

5.3.1.3 Distributed Traffic Shaping (DTS)

DTS and CB Shaping both shape traffic in the same manner. The only differing factor is that with DTS, shaping processing is assigned to VIPs in the 7500 Series routers. In order for DTS to operate, distributed CEF (dCEF) must first be configured globally for the interfaces. Next, CB Shaping should be configured.

5.3.1.4 Frame Relay Traffic Shaping (FRTS)

FRTS is applicable only to Frame Relay. When FRTS is enabled on the interface, every VC on the interface is shaped individually. FRTS is unable to shape a subset of traffic on the interface and FRTS cannot be enabled for a subset of VCs on the interface either. The frame-relay traffic-shaping command is used to enable FRTS. When this command is used without any further configuration commands, the default settings are used by FRTS to shape each VC separately. When this command and further configuration commands are used, those settings are used and not the default settings.

Frame Relay Fragmentation (FRF) using Frame Relay Forum Implementation Agreement 12 (FRF.12) can be used with FRTS. Large packets are then fragmented and the smaller packets are interleaved. To enable interleaving, FRTS uses one queue on the physical interface for the large packets' fragments, and another queue for the small packets that are not fragmented. The latter queue is serviced first on the physical interface. This two-queue system is referred to as Dual FIFO queuing.

When FRTS is configured and enabled for VCs on an interface, no IOS queuing tool can be used on the same interface. FIFO, CBWFQ, WFQ, LLQ, PQ and CQ are the queuing tools that can be used for the FRTS shaping queue.

A key feature of FRTS is that FRTS can dynamically discover the Bc, Be and CIR rates or values defined for each VC at the Frame Relay switch. These settings are then used for shaping. The Cisco WAN Switching products that utilize Enhanced LMI (ELMI) reveal these values for every VC to the router. Therefore, when shaping to the CIR, all that needs to be enabled on the interface is FRTS and ELMI.

The following commands are used for FRTS:

  • frame-relay traffic-shaping: This interface subcommand applies FRTS to the interface.

  • class name: This interface DLCI subcommand is used to enable a particular FRTS map class for the DLCI.

  • frame-relay class name: This command is used to enable a particular FRTS map class for the interface/sub-interface.

  • map-class frame-relay map-class-name: This command, used in global configuration mode, names a map class and shifts the CLI into map-class configuration mode.

  • frame-relay priority-group list-number: This command, used in map-class configuration mode, enables PQ for the shaping queues related to the map class.

  • frame-relay custom-queue-list list-number: This command, used in map-class configuration mode, enables CQ for the shaping queues related to the map class.

  • frame-relay fair-queue [congestive_discard_threshold [number_dynamic_conversation_queues [number_reservable_conversation_queues [max_buffer_size_for_fair_queues]]]]: This command, used in map-class configuration mode, enables WFQ for the shaping queues related to the map class.

  • service-policy {input | output} policy-map-name: This command, used in map-class configuration mode, enables CBWFQ or LLQ for the shaping queues related to the map class.

The following commands are all used in map-class configuration mode to define certain values for FRTS:

  • frame-relay traffic-rate average [peak]: This command sets the shaped rate and the Excess Information Rate (EIR). The Bc and Be values are computed from these values. Tc = 125ms

  • frame-relay bc {in | out} bits: In this instance, the Bc is set with this command.

  • frame-relay be {in | out} bits: In this instance, the Be is set with this command.

  • frame-relay cir {in | out} bps: In this instance, the CIR is set with this command.

  • frame-relay adaptive-shaping {becn | foresight}: This command enables adaptive shaping

  • frame-relay mincir {in | out} bps: This command is used to define the minimum CIR for adaptive shaping.

  • frame-relay tc milliseconds: This command sets the value of Tc

  • frame-relay qos-autosense: This command used in interface configuration mode enables ELMI to be used for learning the Bc, Be and CIR values per VC.

  • show traffic-shape [interface-type interface-number]: This command displays information on the FRTS configuration for each VC

  • show traffic-shape queue [interface-number [dlci dlci-number]]: This command should be used when wanting to view information on the queuing tool used on the shaping queue.

  • show traffic-shape statistics [interface-type interface-number]: This command brings up statistical information on traffic shaping

  • show frame-relay pvc [interface interface] [dlci]: This command displays shaping and PVC statistics.

5.3.2 Traffic Policing QoS Tools

Committed Access Rate (CAR) and Class Based Policing (CB Policing) are traffic policing QoS tools supported by IOS. With CB Policing a packet can fall in one of three classes: a packet is within the traffic contract, surpasses the traffic contract, or violates the traffic contract. With CAR, a packet is either within the traffic contract, or surpasses the traffic contract. CAR and CB Policing have a measure associated for each of these classes. Policing statements can be nested with CAR. This makes it possible to police traffic on the interface at a high rate, while subsets are policed at a lower traffic rate. CAR and CB Policing can classify packets.

5.3.2.1 CB Policing

CB Policing can police subsets of traffic on the interface or it can police the sub-interface on which it is applied. With CB Policing, packets are within the traffic contract when they do not exceed Bc. Packets surpass the contract when Be is not exceeded but Bc is. When a packet arrives that exceeds Bc and Be, the packet is no longer within the boundaries of the contract. CB Policing can send the packet, discard the packet, or it can re-mark the IP Precedence or DSCP field with a lower value and then forward the packet. MQC is used for configuring CB Policing.
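The three-way classification described above can be modelled with two token buckets, one sized Bc and one sized Be. This is an added example, not IOS code or code from the original text; the class and function names, the byte units for the burst values, the buckets starting full, and the constructed packet trace are assumptions, and the model is a simplified single-rate policer rather than the exact IOS algorithm.

```python
# Actions per class, using action names from the police command's action list.
ACTIONS = {"conform": "transmit",
           "exceed": "set-dscp-transmit",
           "violate": "drop"}


class CbPolicerModel:
    """Simplified single-rate, two-bucket policer (illustrative assumption).

    burst_normal is Bc and burst_max is Bc + Be, both taken to be in bytes.
    Tokens arrive at the policed rate; tokens that do not fit in the Bc
    bucket spill into the Be bucket.
    """

    def __init__(self, bps, burst_normal, burst_max):
        if burst_max < burst_normal:
            raise ValueError("burst-max must be at least burst-normal")
        self.bps = bps
        self.bc = burst_normal
        self.be = burst_max - burst_normal
        self.tokens_c = float(self.bc)   # both buckets start full
        self.tokens_e = float(self.be)
        self.last_ms = 0

    def _refill(self, now_ms):
        new = (now_ms - self.last_ms) * self.bps / 8000.0   # bytes earned
        self.last_ms = now_ms
        to_c = min(new, self.bc - self.tokens_c)
        self.tokens_c += to_c
        self.tokens_e = min(self.be, self.tokens_e + (new - to_c))

    def classify(self, now_ms, size_bytes):
        self._refill(now_ms)
        if size_bytes <= self.tokens_c:      # fits in Bc: within contract
            self.tokens_c -= size_bytes
            return "conform"
        if size_bytes <= self.tokens_e:      # over Bc but within Be
            self.tokens_e -= size_bytes
            return "exceed"
        return "violate"                     # over Bc and Be


def police(packets, bps, burst_normal, burst_max, actions=ACTIONS):
    """packets: list of (arrival time in ms, size in bytes), in time order."""
    policer = CbPolicerModel(bps, burst_normal, burst_max)
    result = []
    for now_ms, size in packets:
        verdict = policer.classify(now_ms, size)
        result.append((verdict, actions[verdict]))
    return result


# Constructed traces: 500-byte packets every 10 ms (400 kbps offered) and
# every 100 ms (40 kbps offered), policed at 64 kbps.
CONSTRUCTED_BURST = [(i * 10, 500) for i in range(12)]
CONSTRUCTED_STEADY = [(i * 100, 500) for i in range(10)]

if __name__ == "__main__":
    for (t, size), (verdict, action) in zip(
            CONSTRUCTED_BURST, police(CONSTRUCTED_BURST, 64000, 2000, 4000)):
        print(f"t={t:3d} ms  {size} bytes  {verdict:8s} -> {action}")
```

On the constructed 400 kbps burst the first packets drain Bc, the next ones are marked down while Be lasts, and the remainder are dropped; the 40 kbps sender never leaves the conform class.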

The commands listed under CB marking are used for CB Policing as well. The commands that are listed below are those commands not mentioned previously. These commands are used in policy map class configuration mode:

  • service-policy {input | output} policy-map-name: This command enables CB Policing on the interface or sub-interface

  • police bps burst-normal burst-max conform-action action exceed-action action [violate-action action]: This class subcommand is used for enabling CB policing for the class. The police rate, Bc, and Bc plus Be values are defined as well. The actions for CB policing to take on the packets are defined here as well. The following actions can be specified:

    • drop: The packet is dropped

    • transmit: The packet is forwarded

    • set-clp-transmit: The packet is transmitted after the ATM Cell Loss Priority (CLP) is marked

    • set-frde-transmit: The Frame Relay Discard Eligibility (DE) bit is marked and the packet is forwarded

    • set-dscp-transmit: The DSCP value is set and the packet is forwarded

    • set-mpls-exp-transmit: The MPLS Experimental bits are marked and the packet is sent.

    • set-prec-transmit: The IP Precedence value is set and the packet is forwarded

    • set-qos-transmit: The QoS Group value is set and the packet is forwarded

5.3.2.2 Committed Access Rate (CAR)

With CAR, traffic is either within the traffic contract or traffic exceeds the traffic contract. When using CAR as the traffic policing QoS tool, one packet can match many statements. With CAR, a subset of a large set of traffic can be stopped from consuming all the bandwidth.

The rate-limit command is used for configuring CAR. The following commands are used for configuring CAR:

  • rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action: This command, used in interface mode, enables CAR on the interface, and configures classification, marking and shaping for the QoS tool. The following actions can be specified:

    • drop: The packet is dropped

    • transmit: The packet is forwarded

    • continue: The following rate-limit command is assessed.

    • set-dscp-transmit: The DSCP value is set and the packet is forwarded

    • set-dscp-continue: The DSCP value is set and the following rate-limit command is assessed

    • set-mpls-exp-transmit: The MPLS Experimental bits are marked and the packet is sent.

    • set-mpls-exp-continue: The MPLS Experimental bits are marked and the following rate-limit command is assessed

    • set-prec-transmit: The IP Precedence value is set and the packet is forwarded

    • set-prec-continue: The IP Precedence value is set and the following rate-limit command is assessed

    • set-qos-transmit: The QoS Group value is set and the packet is forwarded

    • set-qos-continue: The QoS Group value is set and the following rate-limit command is assessed

  • access-list rate-limit acl-index {precedence | mac-address | exp mask mask}: This command in global mode is used for defining an ACL for CAR. This ACL can then match IP precedence, MAC Addresses and the MPLS Experimental bits.

  • show interfaces [interface-type interface-number] rate-limit: This command lists CAR related statistical information for the defined interface. When an interface is not stipulated, CAR information is shown for all the interfaces.

  • show access-lists rate-limit [acl-index]: This command displays information associated with the rate-limit ACL.