TOF1314: QOS:Police-Shaping

QOS:Police-Shaping

Shaping implies the existence of a queue and of sufficient memory to buffer delayed packets, while policing does not.
Queueing is an outbound concept; packets going out an interface get queued and can be shaped. Only policing can be applied to inbound traffic on an interface.
Examples of scheduling functions are Class Based Weighted Fair Queuing (CBWFQ) and Low Latency Queuing (LLQ).

	Shaping	Policing
Objective	Buffer and queue excess packets above the committed rates.	Drop (or remark) excess packets above the committed rates. Does not buffer.*
Token Refresh Rate	Incremented at the start of a time interval. (Minimum number of intervals is required.)	Continuous based on formula: `1 / committed information rate`
Token Values	Configured in bits per second.	Configured in bytes.
Configuration Options	shape command in the modular quality of service command-line interface (MQC) to implement class-based shaping. frame-relay traffic-shape command to implement Frame Relay Traffic Shaping (FRTS). traffic-shape command to implement Generic Traffic Shaping (GTS).	police command in the MQC to implement class-based policing. rate-limit command to implement committed access rate (CAR).
Applicable on Inbound	No	Yes
Applicable on Outbound	Yes	Yes
Bursts	Controls bursts by smoothing the output rate over at least eight time intervals. Uses a leaky bucket to delay traffic, which achieves a smoothing effect.	Propagates bursts. Does no smoothing.
Advantages	Less likely to drop excess packets since excess packets are buffered. (Buffers packets up to the length of the queue. Drops may occur if excess traffic is sustained at high rates.) Typically avoids retransmissions due to dropped packets.	Controls the output rate through packet drops. Avoids delays due to queuing.
Disadvantages	Can introduce delay due to queuing, particularly deep queues.	Drops excess packets (when configured), throttling TCP window sizes and reducing the overall output rate of affected traffic streams. Overly aggressive burst sizes may lead to excess packet drops and throttle the overall output rate, particularly with TCP-based flows.
Optional Packet Remarking	No	Yes (with legacy CAR feature).

 The value of Tc defines the time interval during which you send the Bc bits in order to maintain the average rate of the CIR in seconds.

    Tc = Bc/CIR (in seconds)


Example using a CIR (or policer rate) of 8000 bps and a normal burst of 1000 bytes.

Router(config)# policy-map police-setting 
Router(config-pmap)# class access-match 
Router(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop 


The token buckets starts full at 1000 bytes. If a 450 byte packet arrives, the packet conforms because enough bytes are available in the token bucket. 
The conform action (transmit) is taken by the packet and 450 bytes are removed from the token bucket (leaving 550 bytes).
 If the next packet arrives .25 seconds later, 250 bytes are added to the token bucket as per the following formula:

(0.25 * 8000)/8


The calculation leaves 700 bytes in the token bucket.
 If the next packet is 800 bytes, the packet exceeds and the exceed action (drop) is taken. No bytes are taken from the token bucket.
Both the shape and police commands restrict the output rate to a maximum kbps value. Importantly, neither mechanism provides a minimum bandwidth guarantee during periods of congestion. 
Use the bandwidth or priority command to provide such guarantees.

Traffic Policing





Command



Purpose




Router(config-pmap-c)# police bps burst-normal burst-maxconform-action action exceed-action action violate-actionaction



Specifies a maximum bandwidth usage by a traffic class.


In this particular example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 2000 bytes, and the excess burst size at 4000 bytes. Packets coming into Fast Ethernet interface 0/0 are evaluated by the token bucket algorithm to analyze whether packets conform exceed, or violate the specified parameters. Packets that conform are transmitted, packets that exceed are assigned a QoS group value of 4 and are transmitted, and packets that violate are dropped.


Router(config)# class-map acgroup2Router(config-cmap)# match access-group 2Router(config-cmap)# exitRouter(config)# policy-map policeRouter(config-pmap)# class acgroup2Router(config-pmap-c)# police 8000 2000 4000 conform-action transmit exceed-action set-qos-transmit 4 violate-action dropRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface fastethernet 0/0Router(config-if)# service-policy input police


Token Bucket Algorithm with One Token Bucket

The one token bucket algorithm is used when the violate-action option is not specified in the police command CLI.

The conform bucket is initially set to the full size (the full size is the number of bytes specified as the normal burst size).

When a packet of size B bytes arrives at time t the following actions occur:

a. Tokens are updated in the conform bucket. If the previous arrival of the packet was at t1 and the current time is t, the bucket is updated with (t-t1) worth of bits based on the token arrival rate. The token arrival rate is calculated as follows:

(time between packets<which is equal to t-t1> * policer rate)/8 bytes

b. If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is completed for the packet.

c. If the number of bytes in the conform bucket - B is less than 0, the exceed action is taken.


Example:  Router(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop

Token Bucket Algorithm with Two Token Buckets

The two token bucket algorithm is used when the violate-action is specified in the police command CLI.

The conform bucket is initially full (the full size is the number of bytes specified as the normal burst size).

The exceed bucket is initially full (the full exceed bucket size is the number of bytes specified in the maximum burst size).

The tokens for both the conform and exceed token buckets are updated based on the token arrival rate (or CIR).

When a packet of size B bytes arrives at time t the following actions occur:

a. Tokens are updated in the conform bucket. If the previous arrival of the packet was at t1 and the current arrival of the packet is at t, the bucket is updated with t-t1 worth of bits based on the token arrival rate. The refill tokens are placed in the conform bucket. If the tokens overflow the conform bucket, the overflow tokens are placed in the exceed bucket.

The token arrival rate is calculated as follows:

(time between packets<which is equal to t-t1> * policer rate)/8 bytes

b. If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is taken. The exceed bucket is unaffected in this scenario.

c. If the number of bytes in the conform bucket - B is less than 0, the excess token bucket is checked for bytes by the packet. If the number of bytes in the exceed bucket - B is greater than or equal to 0, the exceed action is taken and B bytes are removed from the exceed token bucket. No bytes are removed from the conform bucket.

d. If the number of bytes in the exceed bucket - B is less than 0, the packet violates and the violate action is taken. The action is complete for the packet.

Example: Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action set-qos-transmit 1 violate-action drop

Source:
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftpoli.html

Tuesday, April 16, 2013

QOS:Police-Shaping

QOS:Police-Shaping