© 2001, Cisco Systems, Inc. Traffic Shaping and Policing

Upload: susanna-mathews

Post on 25-Dec-2015


Inner Mongolia University © 2001, Cisco Systems, Inc. QOS v1.0

Objectives

Upon completing this module, you will be able to:
• Describe and configure generic traffic shaping (GTS)
• Describe and configure Frame Relay traffic shaping (FRTS)
• Describe and configure committed access rate (CAR)
• Name other mechanisms that support traffic shaping and policing (class-based policing and class-based shaping)


Traffic Shaping and Policing Overview

Objectives

Upon completing this lesson, you will be able to:
• Describe the need for implementing traffic policing and shaping mechanisms
• List traffic policing and shaping mechanisms available in Cisco IOS
• Describe the benefits and drawbacks of traffic shaping and policing mechanisms

Traffic Shaping and Policing

• Traffic shaping and policing mechanisms are used to rate-limit traffic classes.
• They have to be able to classify packets and meter their rate of arrival.
• Traffic shaping delays excess packets so that they stay within the rate limit.
• Traffic policing typically drops excess traffic so that it stays within the limit; alternatively, it can remark excess traffic.

[Figure: a traffic stream passing through Classifier, Meter, Marker and Dropper.]

Why Use Rate Limiting?

• To handle congestion at ingress to ATM/Frame Relay network with asymmetric link bandwidths
• To limit access to resources when high-speed access is used but not desired
• To limit certain applications or classes
• To implement a virtual TDM system

Typical Traffic Shaping or Policing Applications

[Figure labels: Server Farm, FastEthernet, WAN, Internet, Low-Speed Link, High-Speed Link, 256 kbps, 64 kbps, 128 kbps.]

• Output interface is not congested; queuing and WRED do not work.
• Congestion in WAN network results in nonintelligent Layer 2 drops.
• Access to resources is limited.
• A virtual TDM or leased line is implemented over a single physical link on one side.

Shaping vs. Policing

Benefits of shaping:
• Shaping does not drop packets.
• Shaping supports interaction with Frame Relay congestion indication.

Benefits of policing:
• Policing supports marking.
• Buffer usage is not increased (shaping requires an additional queuing system).

How Do Routers Measure Traffic Rate?

• Routers use the token bucket mathematical model to keep track of packet arrival rate.
• The token bucket model is used whenever a new packet is processed. The return value is conform or exceed.

[Figure: bandwidth plotted against time, showing the link bandwidth, the rate limit, conforming traffic and exceeding traffic.]

Token Bucket

[Figure: a token bucket labelled 700 and 200; a 500-byte packet arrives and receives the conform action.]

Token Bucket (cont.)

[Figure: a token bucket labelled 200; a 300-byte packet arrives and receives the exceed action.]

Token Bucket

• Bc is normal burst size (specifies sustained rate)
• Be is excess burst size (specifies length of burst)
• Bc of tokens is added every Tc [ms]
• Tc = Bc / CIR

[Figure: a bucket labelled Bc + Be, and link utilization plotted against time in intervals Tc, 2*Tc, 3*Tc, 4*Tc, 5*Tc with Bc sent in each interval; labels: Link BW, Average BW (CIR), Be.]
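The token bucket model from the slides above, as an added example that is not part of the original course material: the same meter drives a policer (conform or exceed) and a shaper (delay until tokens are available). The names TokenBucket, police and shape are hypothetical; the code assumes the bucket starts full, holds at most Bc + Be, gains Bc tokens at each Tc boundary, and that the shaper waits until the bucket covers the whole packet.

```python
class TokenBucket:
    """Token bucket meter: Bc tokens are added every Tc = Bc / CIR."""

    def __init__(self, rate, bc, be=0):
        # rate is in token units per second; bc and be use the same unit
        # (bits for traffic-shape parameters, bytes for the slide figures).
        if rate <= 0 or bc <= 0 or be < 0:
            raise ValueError("rate and bc must be positive, be non-negative")
        self.rate, self.bc, self.be = rate, bc, be
        self.tc_ms = 1000 * bc / rate      # measurement interval Tc in ms
        self.capacity = bc + be            # assumption: bucket size is Bc + Be
        self.tokens = self.capacity        # assumption: bucket starts full
        self.last_refill_ms = 0.0

    def refill(self, now_ms):
        """Credit Bc tokens for every whole Tc elapsed since the last refill."""
        intervals = int((now_ms - self.last_refill_ms) // self.tc_ms)
        if intervals > 0:
            self.tokens = min(self.capacity, self.tokens + intervals * self.bc)
            self.last_refill_ms += intervals * self.tc_ms


def police(bucket, now_ms, size):
    """Policing: return 'conform' and debit tokens, or 'exceed' and debit nothing."""
    bucket.refill(now_ms)
    if bucket.tokens >= size:
        bucket.tokens -= size
        return "conform"
    return "exceed"


def shape(bucket, packets):
    """Shaping: packets is a list of (arrival_ms, size) in FIFO order.

    Returns the departure time of each packet. Nothing is dropped; a packet
    that finds too few tokens waits for later Tc boundaries.
    """
    departures = []
    clock = 0.0
    for arrival_ms, size in packets:
        if size > bucket.capacity:
            raise ValueError("packet larger than Bc + Be can never be sent")
        clock = max(clock, arrival_ms)     # FIFO: never leave before the previous packet
        bucket.refill(clock)
        while bucket.tokens < size:
            clock = bucket.last_refill_ms + bucket.tc_ms   # next Tc boundary
            bucket.refill(clock)
        bucket.tokens -= size
        departures.append(clock)
    return departures


if __name__ == "__main__":
    # Constructed input: four 8000-bit packets arriving together, metered with
    # rate 64000, Bc 8000, Be 8000.
    burst = [(0, 8000)] * 4
    policer = TokenBucket(64000, 8000, 8000)
    print([police(policer, t, s) for t, s in burst])
    print(shape(TokenBucket(64000, 8000, 8000), burst))
```

With the same burst, the policer marks the last two packets as exceeding while the shaper sends all four, the last two one and two Tc later.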

Traffic Shaping and Policing Mechanisms

Shaping mechanisms:
• Generic traffic shaping (GTS)
• Frame Relay traffic shaping (FRTS)
• Class-based shaping

Policing mechanisms:
• Committed access rate (CAR)
• Class-based policing

Summary

Upon completing this lesson, you should be able to:
• Describe the need for implementing traffic policing and shaping mechanisms
• List traffic policing and shaping mechanisms available in Cisco IOS
• Describe the benefits and drawbacks of traffic shaping and policing mechanisms

Lesson Review

1. How do shaping and policing mechanisms keep track of the traffic rate?

2. Which shaping mechanisms are available with Cisco IOS software?

3. Which policing mechanisms are available with Cisco IOS software?

4. What are the main differences between shaping and policing?


Generic Traffic Shaping

Objectives

Upon completing this lesson, you will be able to:
• Describe the GTS mechanism
• Describe the benefits and drawbacks of GTS
• Configure GTS on Cisco routers
• Monitor and troubleshoot GTS

Generic Traffic Shaping

• Can shape multiple classes (classification)
• Can measure traffic rate of individual classes (metering)
• Delays packets of exceeding classes (shaping)

[Figure: a traffic stream passing through Classifier, Meter, Marker and Shaper/Dropper.]

GTS Building Blocks

[Figure: Forwarder, three Classifier stages each with Yes and No branches, three Shaping WFQ blocks, and the Physical Interface Queue(s).]

GTS Overview

GTS is multiprotocol.
GTS uses WFQ for the shaping queue.
GTS can be implemented in combination with any queuing mechanisms:
• FIFO queuing
• Priority queuing (PQ)
• Custom queuing (CQ)
• Weighted fair queuing (WFQ)
GTS works on output only.

GTS Implementation

The software queue may have no function if the sum of all shaping rates is less than the link bandwidth.

[Figure: Shaping Queue (WFQ), which dispatches packets at configured rate; Software Queue (FIFO, PQ, CQ, WFQ, ...), which dispatches packets at line rate; Hardware Queue (FIFO), which dispatches packets at line rate. The software queue is bypassed if it is empty and there is room in the hardware queue.]

Configuring GTS

Router(config-if)# traffic-shape rate bit-rate [burst-size [excess-burst-size]]

• Enables traffic shaping of all outbound (sub)interface traffic
• In IOS versions prior to 11.2(19) and 12.0(4), optimum switching is disabled on all interfaces if traffic shaping is enabled on any interface

Configuring GTS (cont.)

Router(config-if)# traffic-shape rate bit-rate [burst-size [excess-burst-size]]

• Bit rate: average traffic rate in bps (equivalent to Frame Relay CIR)
• Burst size: amount of traffic sent in a measurement interval in bits (equivalent to Frame Relay Bc)
  – Default value: 1/8 of bit rate

Configuring GTS (cont.)

Router(config-if)# traffic-shape rate bit-rate [burst-size [excess-burst-size]]

• Excess burst size: amount of excess traffic that can be sent during the first burst in bps (equivalent to Frame Relay Be)
  – Default value: no excess burst
• Measurement interval (Tc): computed from bit rate and burst size
  – Tc smaller than 25 ms is rejected; Tc greater than 125 ms is reduced

Configuring GTS (cont.)

Router(config-if)# traffic-shape group access-list bit-rate [burst [excess-burst]]

• Traffic-shape group shapes outbound traffic matched by the specified access list.
• Several traffic-shape group commands can be configured on the same interface.
• The traffic-shape rate and traffic-shape group commands cannot be mixed on the same interface.
• A separate token bucket and shaping queue is maintained for each traffic-shape group command.
• Traffic not matching any access list is not shaped.

GTS Example #1

An ISP wants to sell a service in which a customer may use all of an E1 line for 30 seconds in a burst, but on a long-term average is limited to 256 kbps.

GTS parameters:
• Bit rate: 256,000 (output rate is 256,000 bps)
• Burst size: 32,000 (the number of bits sent in 125 ms)
• Excess burst size: 61,440,000 = 2,048,000 x 30

GTS Example #1 (cont.)

[Figure labels: Customer, Core, WAN.]

interface ethernet0/0
 traffic-shape rate 256000 32000 61440000
!
interface serial1/0
 traffic-shape rate 256000 32000 61440000

• Because the ISP wants to control the total amount of load, the configuration would be done on both the inbound and outbound interfaces.

GTS Example #2

[Figure labels: Customer, Core, WAN.]

• The customer wants to be sure that web traffic will never use more than 64 kbps.

interface ethernet 0/0
 traffic-shape group 101 64000
interface serial 1/0
 traffic-shape group 101 64000
!
access-list 101 permit tcp any any eq www

Monitoring GTS

Router(config)# show traffic-shape

• Displays current traffic shaping configuration

Router#show traffic-shape
       access Target   Byte   Sustain   Excess    Interval  Increment  Adapt
I/F    list   Rate     Limit  bits/int  bits/int  (ms)      (bytes)    Active
Se3/3         100000   2000   8000      8000      80        1000       -

Callouts on the output columns:
• Target Rate: CIR
• Byte Limit: MAX = (Bc + Be)/8
• Sustain bits/int: Bc
• Excess bits/int: Be
• Interval (ms): Tc = Bc/CIR
• Increment (bytes): Bc = Tc * CIR
• Adapt Active: Do we listen to FECN/BECN?

Monitoring GTS (cont.)

Router(config)# show traffic-shape statistics

• Displays traffic shaping statistics

Router#show traffic-shape statistics
       Access  Queue  Packets  Bytes    Packets  Bytes    Shaping
I/F    List    Depth                    Delayed  Delayed  Active
Se3/3          77     16091    3733112  414      96048    yes

Callouts on the output columns:
• Queue Depth: depth of the associated WFQ queue for delayed packets
• Packets, Bytes: number of packets/bytes sent on the interface
• Packets Delayed, Bytes Delayed: subset of the previous number of packets/bytes delayed via the WFQ queue

Monitoring GTS (cont.)

Router(config)# show traffic-shape queue

• Displays the shaping queue contents

router#show traffic-shape queue
Traffic queued in shaping queue on Serial0
  (depth/weight) 1/4096
  Conversation 254, linktype: ip, length: 232
  source: 1.1.1.1, destination: 1.1.2.47, id: 0x0001, ttl: 208,
  TOS: 0 prot: 17, source port 11111, destination port 22222


GTS on Frame Relay Interfaces

GTS can be implemented on any type of (sub)interface.

GTS supports additional features when implemented on Frame Relay interfaces:

• Adaptation to Frame Relay congestion notification

• BECN-to-FECN reflection

• FECN creation on congestion

Frame Relay Refresher

Frame Relay explicit congestion notification
• FECN (Forward explicit congestion notification)
• BECN (Backward explicit congestion notification)
• CLLM (Consolidated link layer management)

Implicit congestion notification
• Network discards detected by end user at higher layers
• DE (discard eligible) bit

Frame Relay FECN/BECN Congestion Control

[Figure: Sender and Receiver connected through Frame Relay switches over the same virtual circuit (VC). Frame 1 is forwarded with FECN set; Frame 2, travelling in the opposite direction, is forwarded with BECN set. One side is labelled "Congestion This Side", the other "No Congestion This Side". The switch monitors all transmit queues for congestion.]

• Frame Relay switch detects congestion on output queue and informs:

– The receiver, by setting the FECN bit on forwarded frames

– The source, by setting the BECN bit on frames going in the opposite direction

GTS Frame Relay Congestion Adaptability

On a Frame Relay (sub)interface, GTS can adapt dynamically to available Frame Relay bandwidth by integrating BECN signals:

• The GTS bit rate is reduced when BECN packets are received in order to reduce the data flow through the congested Frame Relay network.
• Adaptation is done on a per-(sub)interface basis.
• The GTS bit rate is gradually increased when the congestion is no longer present (no BECN packets are received anymore).

GTS Frame Relay Congestion Adaptability Mechanisms

Bit-rate adaptation:
• The traffic shaping bit rate is reduced when a packet with a BECN bit is received in the Tc.
• The traffic shaping bit rate is increased if no BECN bits were received in the Tc.

FECN-to-BECN propagation:
• A test packet with a BECN bit set is sent to the sender if a packet with an FECN bit set is received.

An Example of BECN Integration

traffic-shape rate 64000 8000 8000
traffic-shape adaptive 32000

[Figure "BECN Integration": increment added every Tc in the token bucket (vertical axis, 0 to 9000) plotted against time represented in units of Tc (horizontal axis, 1 to 25), with two BECN markers.]

• BECN received at Tc #1 and Tc #3
• Hypothesis: no idle traffic

FECN-to-BECN Propagation

If there is no reverse traffic, the switch is not able to set BECN in frames going back to sender.

[Figure labels: Sender, Receiver, Frame Relay Switch (two), Congestion, FECN, "BECN in Q.922 Test".]

Configuring Bit-Rate Adaptation

Router(config-if)# traffic-shape adaptive [bit-rate]

• Configures traffic shaping Frame Relay bit-rate adaptation
  – bit-rate: lowest bit rate the traffic is shaped to in response to continuous BECN signals
  – Default: one-half the specified traffic shaping rate
• Traffic shaping has to be enabled

Configuring FECN-to-BECN Propagation

Router(config-if)# traffic-shape fecn-adapt

• Configures the router to send Frame Relay TEST message with BECN bit set in response to receiving a frame with FECN bit set
• Can be used without adaptive traffic shaping

Router(config-if)# traffic-shape fecn-create

• Sets FECN bit in all outgoing packets that have been delayed due to traffic shaping
• Use for debugging/simulation only

GTS Frame Relay Adaptation Design

Conservative scenario:
• Set shaping rate to CIR
• Set minimum rate to MIR (or one-half CIR)

Optimistic scenario:
• Set shaping rate to EIR
• Set minimum rate to CIR

Realistic scenario:
• Set shaping rate to EIR
• Set minimum rate to MIR (or one-half CIR)

GTS Frame Relay Adaptation Example

[Figure labels: Customer, Core, WAN.]

interface serial 0/0
 traffic-shape rate 64000 8000 8000
 traffic-shape adaptive 48000

• EIR = 64 kbps
• CIR = 48 kbps
• Assumption: Frame Relay network is usually not congested.

Summary

Upon completing this lesson, you should be able to:
• Describe the GTS mechanism
• Describe the benefits and drawbacks of GTS
• Configure GTS on Cisco routers
• Monitor and troubleshoot GTS

Lesson Review

1. What software queuing mechanisms are supported in combination with GTS?

2. Which queuing structure does GTS use?

3. What features does GTS include when it is used on Frame Relay interfaces?


Committed Access Rate

Objectives

Upon completing this lesson, you will be able to:
• Describe the CAR mechanism
• Describe the benefits and drawbacks of CAR
• Describe the differences between CAR, GTS, and FRTS
• Configure CAR on Cisco routers
• Monitor and troubleshoot CAR

Committed Access Rate

• Primarily intended for rate limiting
• Can be used on inbound and outbound traffic
• Does not queue (delay) packets
• Can also mark packets
• Can be implemented for differentiated marking

[Figure: inbound or outbound traffic passing through Classifier, Meter, Marker and Dropper.]

CAR on Input and Output

[Figure: Inbound (Classifier, Meter, Marker, Dropper), Forwarding, Outbound (Classifier, Meter, Marker, Dropper), Queuing.]

CAR on input is processed just before forwarding (most other QoS mechanisms are processed before CAR).

CAR on output is processed immediately after forwarding (most other QoS mechanisms are processed after CAR).

CAR Implementation

The software queue may have no function if the sum of all CAR rates is less than the link bandwidth.

[Figure: CAR, which dispatches packets at configured rate; Software Queue (FIFO, PQ, CQ, WFQ, ...), which dispatches packets at line rate; Hardware Queue (FIFO), which dispatches packets at line rate. The software queue is bypassed if it is empty and there is room in the hardware queue.]

Interface-Wide CAR Diagram

[Figure: a chain of class tests (Class 1?, Class 2?, ... Class n?), each followed by a CAR block with transmit, continue and drop outcomes, ending at Output Queue or Forward.]

• CAR has three different actions:
  – Transmit
  – Continue
  – Drop

CAR Diagram

[Figure: flowchart with the steps Meter; Conforms? (Yes / No); Mark? with the choices Set IP Precedence, Set DSCP, Set MPLS Experimental and Set QoS Group; then Transmit? (Forward or Enqueue), Continue? (Go to Next CAR Command) and Drop?.]

• Marking depends on whether the packet conforms to or exceeds the policy.

Configuring CAR

Router(config-if)#
rate-limit {input | output} [access-group [rate-limit] #acl | qos-group number | dscp dscp]
  mean-rate Bc Be
  conform-action { drop | transmit | continue |
    set-prec-transmit value | set-prec-continue value |
    set-qos-transmit value | set-qos-continue value |
    set-dscp-transmit value | set-dscp-continue value |
    set-mpls-transmit value | set-mpls-continue value }
  exceed-action { drop | transmit | continue |
    set-prec-transmit value | set-prec-continue value |
    set-qos-transmit value | set-qos-continue value |
    set-dscp-transmit value | set-dscp-continue value |
    set-mpls-transmit value | set-mpls-continue value }

• Specifies all four conditioner elements for a particular traffic class
• Repeat this command for different classes of traffic
• If a match is not found, the default action is to transmit

CAR Classification

Router(config-if)# rate-limit {input | output} [access-group [rate-limit] #acl | qos-group number | dscp dscp] ...

IP packets are classified:
– Based on their direction (input or output)

Optional classification based on:
– Numbered IP access list (standard or extended)
– IP Precedence rate-limit access list
– MAC address rate-limit access list
– QoS group set by a previous conditioner in the same node
– DSCP

Null CAR Classifier

Router(config-if)# rate-limit {input | output} ...

• Selects packets in ingress or egress direction that have not been classified with any previous rate-limit commands on this interface
• Usually used as the last rate-limit command on an interface

CAR Classifier Based on IP Access List

Router(config-if)# rate-limit {input | output} access-group number ...

Router(config)# access-list acl-index {deny | permit} source [source-wildcard]

Router(config)# access-list acl-index {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [dscp dscp] [log]

• Configures an IP access list to be used as a packet classifier
• Classifies packets received over an interface with the IP access list
• Classification based on IP Precedence can be done with IP access list

CAR Classifier Based on IP Precedence

Router(config-if)# rate-limit {input | output} access-group rate-limit number ...

The IP Precedence classifier uses rate-limit access lists from 1 to 99 to match on IP Precedence values.

IP Precedence-Based Rate-Limit Access List

Router(config)# access-list rate-limit acl-index precedence

• ACL index is between 1 and 99
• Matches packets with specified IP Precedence
• Only one line is allowed in the access list

Router(config)# access-list rate-limit acl-index mask precedence-mask

• ACL index is between 1 and 99
• Matches packets that match any precedence value specified in the mask
• Precedence mask has one bit for each precedence value (Bit 0 = Precedence 0)

CAR Classifier Based on Upstream MAC Address

Router(config-if)# rate-limit {input | output} access-group rate-limit number ...

The upstream MAC address classifier uses rate-limit access lists from 100 to 199 to match on the MAC address of an upstream router or host.

MAC Address Rate-Limit Access List

Router(config)# access-list rate-limit acl-index mac-address

• ACL index is between 100 and 199
• Matches packets received from upstream neighbor with specified MAC address
• Only the MAC address is allowed in the access list (each upstream neighbor requires a different rate-limit statement)

QoS Group CAR Classifier

Router(config-if)# rate-limit {input | output} qos-group number ...

Selects IP packets already marked in this node with specified QoS group

QoS group marking can be done through:
– Policy-based routing
– CEF marking based on QPPB
– Inbound rate limit on another interface
– Inbound class-based marking on another interface

Available only on high-end platforms

DSCP-Based CAR Classifier

Router(config-if)# rate-limit {input | output} dscp dscp ...

Selects IP packets marked with the specified DiffServ code point

DSCP marking could be done through:
– Rate limiting on another interface or router
– Class-based marking on another interface or router

CAR Meter

Router(config-if)# rate-limit {input | output} [access-group [rate-limit] number | qos-group number | dscp dscp] mean-rate Bc Be ...

The rate-limit meter measures the contract compliance of a traffic class selected with a classifier.

A modified token bucket algorithm is used:
– mean-rate specifies average traffic rate.
– Bc specifies the normal burst size.
– Be specifies the excess burst size.

The token bucket size is defined by Be alone.

CAR Actions

CAR actions can be split into two subactions:
• Marking action
• Processing action

Marking actions support the setting of:
• IP Precedence
• DSCP
• MPLS experimental bits
• QoS group

Processing actions:
• Transmit: packet is transmitted
• Continue: packet is also processed by the next “rate-limit” command
• Drop: packet is dropped

Page 64: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR Actions (cont.)

Processing actions “transmit,” “continue,” and “drop” can be used as standalone actions.

Processing actions “transmit” and “continue” can be combined with marking actions (set-mark_action-proc_action):

• set-prec-transmit
• set-qos-transmit
• set-mpls-transmit
• set-dscp-transmit
• set-prec-continue
• set-qos-continue
• set-mpls-continue
• set-dscp-continue

Page 65: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR Actions (cont.)

Conforming and exceeding packets can be configured with different actions.

There are three typical uses of CAR:
• Pure rate limiting:
  – Transmit conforming packets
  – Drop exceeding packets
• Differentiated marking:
  – Transmit conforming packets with marker value x (e.g., IP Precedence 3)
  – Transmit exceeding packets with marker value y (e.g., IP Precedence 2)
• Pure marking:
  – Transmit conforming and exceeding packets with the same marker value

Page 66: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


Displaying CAR Parameters and Statistics

Router#show interfaces serial 0/0 rate-limit
Serial0
  Input
    matches: qos-group 4
      params:  128000 bps, 64000 limit, 128000 extended limit
      conformed 0 packets, 0 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 0
      last packet: 421250660ms ago, current burst: 0 bytes
      last cleared 00:00:59 ago, conformed 0 bps, exceeded 0 bps
  Output
    matches: access-group 181
      params:  8000 bps, 8000 limit, 16000 extended limit
      conformed 19 packets, 21576 bytes; action: set-prec-transmit 3
      exceeded 5 packets, 7520 bytes; action: drop
      last packet: 145344ms ago, current burst: 11552 bytes
      last cleared 00:03:01 ago, conformed 0 bps, exceeded 0 bps

• Displays CAR parameters and statistics

Router# show interfaces intf rate-limit
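For monitoring, the conformed and exceeded counters in this output can be turned into a per-rule drop share. The Python parser below is an added example, not part of the course material or of Cisco's tooling; the function names and the 10% threshold are assumptions, and the sample text is the slide's own output laid out one field per line.

```python
import re

# The slide's own output, laid out one field per line.
SAMPLE = """\
Serial0
  Input
    matches: qos-group 4
      params:  128000 bps, 64000 limit, 128000 extended limit
      conformed 0 packets, 0 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 0
  Output
    matches: access-group 181
      params:  8000 bps, 8000 limit, 16000 extended limit
      conformed 19 packets, 21576 bytes; action: set-prec-transmit 3
      exceeded 5 packets, 7520 bytes; action: drop
"""

COUNTER = re.compile(
    r"(conformed|exceeded) (\d+) packets, (\d+) bytes; action: (.+)")

def parse_rate_limit(text):
    """Return one dict per 'matches:' entry, tagged with its direction."""
    rules, direction = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Input", "Output"):
            direction = line.lower()
        elif line.startswith("matches:"):
            rules.append({"direction": direction, "match": line[8:].strip()})
        elif line.startswith("params:") and rules:
            rate, limit, ext = map(int, re.findall(r"\d+", line))
            rules[-1].update(rate_bps=rate, limit=limit, extended_limit=ext)
        elif (m := COUNTER.match(line)) and rules:
            kind, pkts, nbytes, action = m.groups()
            rules[-1][kind] = {"packets": int(pkts), "bytes": int(nbytes),
                               "action": action.strip()}
    return rules

def dropped_share(rule):
    """Fraction of metered bytes discarded by an exceed-action of drop."""
    conf, exc = rule["conformed"], rule["exceeded"]
    total = conf["bytes"] + exc["bytes"]
    if total == 0 or exc["action"] != "drop":
        return 0.0
    return exc["bytes"] / total

def noisy_rules(text, threshold=0.10):
    """Rules whose policer discards more than `threshold` of the bytes."""
    return [(r["direction"], r["match"], round(dropped_share(r), 3))
            for r in parse_rate_limit(text) if dropped_share(r) > threshold]
```

On the sample, only the output rule for access-group 181 is reported, with roughly a quarter of its metered bytes dropped.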

Page 67: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


Display Rate-Limit Access Lists

Router#show access-lists rate-limit
Rate-limit access list 10
    1
Rate-limit access list 11
    mask 81
Rate-limit access list 120
    4000.1234.ABCD

• List rate-limit access lists

Router(config)# show access-lists rate-limit

Page 68: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting Example #1

A service provider connects all its customers via 2 Mbps physical leased lines (or ADSL links) and uses CAR to limit the actual amount of traffic the user can send or receive.

In addition, several differentiated services could be provided based on customer needs.

Page 69: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting Example #1 (cont.)

[Figure: Customers, 2 Mbps links, ISP, NAP, Internet]

interface serial 0/0
 rate-limit input 256000 4000 96000 conform-action transmit exceed-action drop
 rate-limit output 256000 4000 96000 conform-action transmit exceed-action drop

Page 70: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting and Marking Example #2

Web traffic is limited to 512 kbps and transmitted with higher precedence:

• Excess web traffic is classified as regular traffic.

All other traffic is limited to 256 kbps and transmitted with Precedence 0:

• Excess traffic is dropped.
• Burst size is 16,000 bytes.
• Excess burst size is 24,000 bytes.

Page 71: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting and Marking Example #2 (cont.)

[Figure: Customer, 2 Mbps link, ISP, NAP, Internet]

interface serial 0/0
 rate-limit input access-group 101 512000 64000 128000 conform-action set-prec-transmit 1 exceed-action continue
 rate-limit input 256000 16000 24000 conform-action set-prec-transmit 0 exceed-action drop
 rate-limit output access-group 101 512000 64000 128000 conform-action set-prec-transmit 1 exceed-action continue
 rate-limit output 256000 16000 24000 conform-action set-prec-transmit 0 exceed-action drop
!
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any eq www any

Page 72: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting Example #3

The customer can send or receive up to 128 kbps of premium traffic:

• Premium traffic is marked with Precedence 1.

• Excess premium traffic is dropped.

Non-premium (best-effort) traffic is not rate-limited.

Page 73: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting Example #3 (cont.)

[Figure: Customers, 2 Mbps links, ISP, NAP, Internet]

interface serial 0/0
 rate-limit input access-group rate-limit 13 128000 16000 48000 conform-action transmit exceed-action drop
 rate-limit output access-group rate-limit 13 128000 16000 48000 conform-action transmit exceed-action drop
!
access-list rate-limit 13 1

Page 74: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Precedence Spoofing Example #4

If a customer is trying to spoof a service provider with high-precedence traffic, the traffic is dropped:

• Drop all non-Precedence-0 traffic received from a customer.

[Figure: Customers, 2 Mbps links, ISP, NAP, Internet]

interface serial 0/0
 rate-limit input access-group rate-limit 1 64000 8000 8000 conform-action drop exceed-action drop
!
access-list rate-limit 1 mask FE
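The mask in a rate-limit access list is a hex bitmask in which bit n selects IP Precedence n, so FE selects precedences 1 through 7 and leaves precedence 0 alone. The Python sketch below is an added example, not part of the course material; its function names are hypothetical, and the "mask 81" line is the config-line form of the list shown in the show access-lists rate-limit sample. It decodes the lists from the slides and reports which ToS values a list selects, including what the precedence-only filter of Example #4 does not cover.

```python
def parse_rate_limit_acl(line):
    """Parse 'access-list rate-limit <index> <arg>' into (index, kind, value)."""
    tok = line.split("!")[0].split()          # drop a trailing IOS comment
    if tok[:2] != ["access-list", "rate-limit"] or len(tok) < 4:
        raise ValueError(f"not a rate-limit access list: {line!r}")
    index, arg = int(tok[2]), tok[3:]
    if arg[0] == "mask":                      # hex bitmask, bit n = precedence n
        return index, "prec", int(arg[1], 16) & 0xFF
    if "." in arg[0]:                         # MAC address form (xxxx.xxxx.xxxx)
        return index, "mac", arg[0].lower()
    return index, "prec", 1 << int(arg[0])    # single precedence 0-7

def matched_precedences(acl):
    """Precedence values selected by a precedence-type list."""
    _, kind, value = acl
    return [p for p in range(8) if kind == "prec" and value & (1 << p)]

def acl_matches_tos(acl, tos):
    """True if the ToS byte's precedence (top three bits) is selected."""
    return (tos >> 5) in matched_precedences(acl)

def unmatched_nonzero_dscp(acl):
    """DSCP values other than 0 whose packets this list does NOT select."""
    return [d for d in range(1, 64) if not acl_matches_tos(acl, d << 2)]

# Lines taken from the slides: Example #4, the 'show' sample, Example #3.
SPOOF_FILTER = parse_rate_limit_acl("access-list rate-limit 1 mask FE")
MASK_81 = parse_rate_limit_acl("access-list rate-limit 11 mask 81")
PREMIUM = parse_rate_limit_acl("access-list rate-limit 13 1")

if __name__ == "__main__":
    print(matched_precedences(SPOOF_FILTER))     # precedences dropped on input
    print(unmatched_nonzero_dscp(SPOOF_FILTER))  # DSCP values the rule lets by
```

DSCP values 1 to 7 carry precedence 0, so the FE mask does not select them; where the core trusts DSCP rather than IP Precedence, the DSCP-based classifier covers that case.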

Page 75: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting Example #5

Application: Web server collocation:
• The customer can locate a server at service provider premises (switched LAN).
• CAR is used to limit the amount of traffic the web server can generate.
• Unknown traffic is rate-limited to 64 kbps to allow remote configuration of new servers.

Alternate application: central site in an enterprise network

Page 76: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Limiting Example #5 (cont.)

[Figure: Servers, LAN Switch, Distribution Router, Core Network]

interface FastEthernet 0/0
 rate-limit input access-group rate-limit 100 10000000 100000 100000 conform-action transmit exceed-action drop
 rate-limit output access-group rate-limit 100 10000000 100000 100000 conform-action transmit exceed-action drop
 rate-limit input 64000 8000 24000 conform-action transmit exceed-action drop
 rate-limit output 64000 8000 24000 conform-action transmit exceed-action drop
!
access-list rate-limit 100 00ae.0123.abcd ! Server MAC address

Page 77: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Marking Example #6

[Figure: Customer, Core, WAN]

interface ethernet 0/0
 rate-limit input 10000000 8000 8000 conform-action set-prec-transmit 2 exceed-action drop
!
interface ethernet 0/1
 rate-limit input 10000000 8000 8000 conform-action set-prec-transmit 0 exceed-action drop
!

• CAR can be used purely for marking purposes.

Page 78: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


CAR: Marking Example #7

[Figure: Customer, Core, WAN]

interface ethernet 0/0
 rate-limit input access-group 101 10000000 8000 8000 conform-action set-prec-transmit 2 exceed-action drop
 rate-limit input access-group 102 10000000 8000 8000 conform-action set-prec-transmit 1 exceed-action drop
 rate-limit input 10000000 8000 8000 conform-action set-prec-transmit 0 exceed-action drop
!
access-list 101 permit tcp any any eq telnet
access-list 102 permit tcp any any eq www

Page 79: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


Summary

Upon completing this lesson, you should be able to:
• Describe the CAR mechanism
• Describe the benefits and drawbacks of CAR
• Describe the differences between CAR, GTS, and FRTS
• Configure CAR on Cisco routers
• Monitor and troubleshoot CAR

Page 80: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


Lesson Review

1. What classification options does CAR support?

2. What are the main differences between CAR and traffic shaping?

3. Where can CAR be implemented?

Page 81: © 2001, Cisco Systems, Inc. Traffic Shaping and Policing


Module Summary

After completing this module, you should be able to perform the following tasks:
• Describe and configure generic traffic shaping (GTS)
• Describe and configure Frame Relay traffic shaping (FRTS)
• Describe and configure committed access rate (CAR)
• Name other mechanisms that support traffic shaping and policing (class-based policing and class-based shaping)