© 2001, Cisco Systems, Inc.
Traffic Shaping and Policing
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-2
Objectives
Upon completing this module, you will be able to:
• Describe and configure generic traffic shaping (GTS)
• Describe and configure Frame Relay traffic shaping (FRTS)
• Describe and configure committed access rate (CAR)
• Name other mechanisms that support traffic shaping and policing (class-based policing and class-based shaping)
Traffic Shaping and Policing Overview
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-4
Objectives
Upon completing this lesson, you will be able to:
• Describe the need for implementing traffic policing and shaping mechanisms
• List traffic policing and shaping mechanisms available in Cisco IOS
• Describe the benefits and drawbacks of traffic shaping and policing mechanisms
Inner Mongolia University5© 2001, Cisco Systems, Inc. QOS v1.0—4-5
Traffic Shaping and Policing
• Traffic shaping and policing mechanisms are used to rate-limit traffic classes.
• They have to be able to classify packets and meter their rate of arrival.
• Traffic shaping delays excess packets so that they stay within the rate limit.
• Traffic policing typically drops excess traffic so that it stays within the limit; alternatively, it can remark excess traffic.
[Diagram: traffic stream passing through classifier, meter, marker and dropper]
Inner Mongolia University6© 2001, Cisco Systems, Inc. QOS v1.0—4-6
Why Use Rate Limiting?
• To handle congestion at ingress to ATM/Frame Relay network with asymmetric link bandwidths
• To limit access to resources when high-speed access is used but not desired
• To limit certain applications or classes
• To implement a virtual TDM system
Inner Mongolia University7© 2001, Cisco Systems, Inc. QOS v1.0—4-7
Typical Traffic Shaping or Policing Applications
[Diagram: low-speed link, high-speed link, server farm, WAN, Internet and FastEthernet, with link speeds of 256 kbps, 64 kbps and 128 kbps]
• Output interface is not congested; queuing and WRED do not work.
• Congestion in WAN network results in nonintelligent Layer 2 drops.
• Access to resources is limited.
• A virtual TDM or leased line is implemented over a single physical link on one side.
Inner Mongolia University8© 2001, Cisco Systems, Inc. QOS v1.0—4-8
Shaping vs. Policing
Benefits of shaping:
• Shaping does not drop packets.
• Shaping supports interaction with Frame Relay congestion indication.
Benefits of policing:
• Policing supports marking.
• Buffer usage is not increased (shaping requires an additional queuing system).
Inner Mongolia University9© 2001, Cisco Systems, Inc. QOS v1.0—4-9
How Do Routers Measure Traffic Rate?
Routers use the token bucket mathematical model to keep track of packet arrival rate.
The token bucket model is used whenever a new packet is processed. The return value is conform or exceed.
[Graph: bandwidth over time, showing the link bandwidth, the rate limit, exceeding traffic and conforming traffic]
Inner Mongolia University10© 2001, Cisco Systems, Inc. QOS v1.0—4-10
Token Bucket
[Diagram: token bucket shown with 700 and then 200 tokens; a 500-byte packet; Conform Action]
Inner Mongolia University11© 2001, Cisco Systems, Inc. QOS v1.0—4-11
Token Bucket (cont.)
[Diagram: token bucket shown with 200 tokens; a 300-byte packet; Exceed Action]
Inner Mongolia University12© 2001, Cisco Systems, Inc. QOS v1.0—4-12
Token Bucket
• Bc is normal burst size (specifies sustained rate)
• Be is excess burst size (specifies length of burst)
• Bc of tokens is added every Tc [ms]
• Tc = Bc / CIR
[Diagram: token bucket labelled Bc + Be]
[Graph: link utilization over time at Tc, 2*Tc, 3*Tc, 4*Tc, 5*Tc; Bc sent in each interval; link BW, average BW (CIR) and Be marked]
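The token bucket from the preceding slides, as an added Python example that is not part of the original course material: one meter is used first to police and then to shape the same two packets. The 700-byte bucket and the 500- and 300-byte packets follow the slides; the 56 kbps CIR, the arrival times and all function names are constructed assumptions.

```python
"""Token bucket meter used two ways: policing (drop) and shaping (delay)."""


class TokenBucket:
    def __init__(self, cir_bps, bc_bits, be_bits=0):
        self.bc_bits = bc_bits
        self.tc_ms = bc_bits * 1000 // cir_bps    # Tc = Bc / CIR, in ms
        if self.tc_ms < 1:
            raise ValueError("Bc too small for this CIR: Tc is below 1 ms")
        self.depth = bc_bits + be_bits            # bucket size Bc + Be
        self.tokens = self.depth                  # assumption: bucket starts full
        self.credited = 0                         # Tc intervals already added

    def meter(self, now_ms, size_bytes):
        """Return 'conform' or 'exceed' for a packet seen at now_ms."""
        intervals = now_ms // self.tc_ms
        # Bc of tokens is added for every Tc that has elapsed, up to the depth.
        self.tokens = min(self.depth,
                          self.tokens + (intervals - self.credited) * self.bc_bits)
        self.credited = intervals
        need = size_bytes * 8
        if need <= self.tokens:
            self.tokens -= need
            return "conform"
        return "exceed"                           # tokens are left untouched


def police(bucket, packets):
    """Policing: the verdict is acted on immediately, nothing is queued."""
    return [bucket.meter(t, size) for t, size in packets]


def shape(bucket, packets):
    """Shaping: an exceeding packet waits in FIFO order for the next refill.

    Returns the departure time (ms) of each packet.
    """
    departures, clock = [], 0
    for arrival_ms, size in packets:
        if size * 8 > bucket.depth:
            raise ValueError("packet larger than the bucket can never conform")
        clock = max(clock, arrival_ms)
        while bucket.meter(clock, size) == "exceed":
            clock = (clock // bucket.tc_ms + 1) * bucket.tc_ms   # next Tc boundary
        departures.append(clock)
    return departures


def slide_example():
    # Constructed input: (arrival in ms, size in bytes).
    packets = [(0, 500), (10, 300)]
    policed = police(TokenBucket(cir_bps=56000, bc_bits=700 * 8), packets)
    shaped = shape(TokenBucket(cir_bps=56000, bc_bits=700 * 8), packets)
    return policed, shaped


if __name__ == "__main__":
    print(slide_example())
```

The policer reports the 300-byte packet as exceeding, while the shaper holds it until the refill at the next Tc boundary.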
Inner Mongolia University13© 2001, Cisco Systems, Inc. QOS v1.0—4-13
Traffic Shaping and Policing Mechanisms
Shaping mechanisms:
• Generic traffic shaping (GTS)
• Frame Relay traffic shaping (FRTS)
• Class-based shaping
Policing mechanisms:
• Committed access rate (CAR)
• Class-based policing
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-14
Summary
Upon completing this lesson, you should be able to:
• Describe the need for implementing traffic policing and shaping mechanisms
• List traffic policing and shaping mechanisms available in Cisco IOS
• Describe the benefits and drawbacks of traffic shaping and policing mechanisms
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-15
Lesson Review
1. How do shaping and policing mechanisms keep track of the traffic rate?
2. Which shaping mechanisms are available with Cisco IOS software?
3. Which policing mechanisms are available with Cisco IOS software?
4. What are the main differences between shaping and policing?
Generic Traffic Shaping
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-17
Objectives
Upon completing this lesson, you will be able to:
• Describe the GTS mechanism
• Describe the benefits and drawbacks of GTS
• Configure GTS on Cisco routers
• Monitor and troubleshoot GTS
Inner Mongolia University18© 2001, Cisco Systems, Inc. QOS v1.0—4-18
Generic Traffic Shaping
• Can shape multiple classes (classification)
• Can measure traffic rate of individual classes (metering)
• Delays packets of exceeding classes (shaping)
[Diagram: traffic stream passing through classifier, meter, marker and shaper/dropper]
Inner Mongolia University19© 2001, Cisco Systems, Inc. QOS v1.0—4-19
GTS Building Blocks
[Diagram: forwarder, three classifiers with Yes/No branches, a shaping WFQ queue per classifier, and the physical interface queue(s)]
Inner Mongolia University20© 2001, Cisco Systems, Inc. QOS v1.0—4-20
GTS Overview
• GTS is multiprotocol.
• GTS uses WFQ for the shaping queue.
• GTS can be implemented in combination with any queuing mechanisms:
  – FIFO queuing
  – Priority queuing (PQ)
  – Custom queuing (CQ)
  – Weighted fair queuing (WFQ)
• GTS works on output only.
Inner Mongolia University21© 2001, Cisco Systems, Inc. QOS v1.0—4-21
GTS Implementation
The software queue may have no function if the sum of all shaping rates is less than the link bandwidth.
[Diagram: the shaping queue (WFQ) dispatches packets at the configured rate; the software queue (FIFO, PQ, CQ, WFQ, ...) dispatches packets at line rate and is bypassed if it is empty and there is room in the hardware queue; the hardware queue (FIFO) dispatches packets at line rate]
Inner Mongolia University22© 2001, Cisco Systems, Inc. QOS v1.0—4-22
Configuring GTS
Router(config-if)# traffic-shape rate bit-rate [burst-size [excess-burst-size]]
• Enables traffic shaping of all outbound (sub)interface traffic
• In IOS versions prior to 11.2(19) and 12.0(4), optimum switching is disabled on all interfaces if traffic shaping is enabled on any interface
Inner Mongolia University23© 2001, Cisco Systems, Inc. QOS v1.0—4-23
Configuring GTS (cont.)
Router(config-if)# traffic-shape rate bit-rate [burst-size [excess-burst-size]]
• Bit rate: average traffic rate in bps (equivalent to Frame Relay CIR)
• Burst size: amount of traffic sent in a measurement interval in bits (equivalent to Frame Relay Bc)
  – Default value: 1/8 of bit rate
Inner Mongolia University24© 2001, Cisco Systems, Inc. QOS v1.0—4-24
Configuring GTS (cont.)
Router(config-if)# traffic-shape rate bit-rate [burst-size [excess-burst-size]]
• Excess burst size: amount of excess traffic that can be sent during the first burst in bps (equivalent to Frame Relay Be)
  – Default value: no excess burst
• Measurement interval (Tc): computed from bit rate and burst size
  – Tc smaller than 25 ms is rejected; Tc greater than 125 ms is reduced
Inner Mongolia University25© 2001, Cisco Systems, Inc. QOS v1.0—4-25
Configuring GTS (cont.)
Router(config-if)# traffic-shape group access-list bit-rate [burst [excess-burst]]
• Traffic-shape group shapes outbound traffic matched by the specified access list.
• Several traffic-shape group commands can be configured on the same interface.
• The traffic-shape rate and traffic-shape group commands cannot be mixed on the same interface.
• A separate token bucket and shaping queue is maintained for each traffic-shape group command.
• Traffic not matching any access list is not shaped.
Inner Mongolia University26© 2001, Cisco Systems, Inc. QOS v1.0—4-26
GTS Example #1
An ISP wants to sell a service in which a customer may use all of an E1 line for 30 seconds in a burst, but on a long-term average is limited to 256 kbps.
GTS parameters:
• Bit rate: 256,000 (output rate is 256,000 bps)
• Burst size: 32,000 (the number of bits sent in 125 ms)
• Excess burst size: 61,440,000 = 2,048,000 x 30
Inner Mongolia University27© 2001, Cisco Systems, Inc. QOS v1.0—4-27
GTS Example #1 (cont.)
[Diagram: Customer, WAN, Core]
interface ethernet0/0
 traffic-shape rate 256000 32000 61440000
!
interface serial1/0
 traffic-shape rate 256000 32000 61440000
• Because the ISP wants to control the total amount of load, the configuration would be done on both the inbound and outbound interfaces.
Inner Mongolia University28© 2001, Cisco Systems, Inc. QOS v1.0—4-28
GTS Example #2
[Diagram: Customer, WAN, Core]
• The customer wants to be sure that web traffic will never use more than 64 kbps.
interface ethernet 0/0
 traffic-shape group 101 64000
interface serial 1/0
 traffic-shape group 101 64000
!
access-list 101 permit tcp any any eq www
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-29
Monitoring GTS
Router(config)# show traffic-shape
• Displays current traffic shaping configuration
Router#show traffic-shape
        access  Target  Byte   Sustain   Excess    Interval  Increment  Adapt
I/F     list    Rate    Limit  bits/int  bits/int  (ms)      (bytes)    Active
Se3/3           100000  2000   8000      8000      80        1000       -
Callouts on the output:
• Target Rate: CIR
• Byte Limit: MAX = (Bc + Be)/8
• Sustain bits/int: Bc
• Excess bits/int: Be
• Interval: Tc = Bc/CIR
• Increment: Bc = Tc * CIR
• Adapt Active: Do we listen to FECN/BECN?
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-30
Monitoring GTS (cont.)
Router(config)# show traffic-shape statistics
• Displays traffic shaping statistics
Router#show traffic-shape statistics
        Access  Queue  Packets  Bytes    Packets  Bytes    Shaping
I/F     List    Depth                    Delayed  Delayed  Active
Se3/3           77     16091    3733112  414      96048    yes
Callouts on the output:
• Queue Depth: depth of the associated WFQ queue for delayed packets
• Packets / Bytes: number of packets/bytes sent on the interface
• Packets Delayed / Bytes Delayed: subset of the previous number of packets/bytes delayed via the WFQ queue
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-31
Monitoring GTS (cont.)
Router(config)# show traffic-shape queue
• Displays the shaping queue contents
router#show traffic-shape queue
Traffic queued in shaping queue on Serial0
  (depth/weight) 1/4096
  Conversation 254, linktype: ip, length: 232
  source: 1.1.1.1, destination: 1.1.2.47, id: 0x0001, ttl: 208,
  TOS: 0 prot: 17, source port 11111, destination port 22222
Inner Mongolia University32© 2001, Cisco Systems, Inc. QOS v1.0—4-32
GTS on Frame Relay Interfaces
GTS can be implemented on any type of (sub)interface.
GTS supports additional features when implemented on Frame Relay interfaces:
• Adaptation to Frame Relay congestion notification
• BECN-to-FECN reflection
• FECN creation on congestion
Inner Mongolia University33© 2001, Cisco Systems, Inc. QOS v1.0—4-33
Frame Relay Refresher
Frame Relay explicit congestion notification
• FECN (Forward explicit congestion notification)
• BECN (Backward explicit congestion notification)
• CLLM (Consolidated link layer management)
Implicit congestion notification
• Network discards detected by end user at higher layers
• DE (discard eligible) bit
Inner Mongolia University34© 2001, Cisco Systems, Inc. QOS v1.0—4-34
Frame Relay FECN/BECN Congestion Control
[Diagram: sender and receiver connected through Frame Relay switches on the same virtual circuit (VC); the switch monitors all transmit queues for congestion; Frame 1 is forwarded with FECN set toward the receiver (congestion this side) and Frame 2 is returned with BECN set toward the sender (no congestion this side)]
• Frame Relay switch detects congestion on output queue and informs:
  – The receiver, by setting the FECN bit on forwarded frames
  – The source, by setting the BECN bit on frames going in the opposite direction
Inner Mongolia University35© 2001, Cisco Systems, Inc. QOS v1.0—4-35
GTS Frame Relay Congestion Adaptability
On a Frame Relay (sub)interface, GTS can adapt dynamically to available Frame Relay bandwidth by integrating BECN signals:
• The GTS bit rate is reduced when BECN packets are received in order to reduce the data flow through the congested Frame Relay network.
• Adaptation is done on a per-(sub)interface basis.
• The GTS bit rate is gradually increased when the congestion is no longer present (no BECN packets are received anymore).
Inner Mongolia University36© 2001, Cisco Systems, Inc. QOS v1.0—4-36
GTS Frame Relay Congestion Adaptability Mechanisms
Bit-rate adaptation:
• The traffic shaping bit rate is reduced when a packet with a BECN bit is received in the Tc.
• The traffic shaping bit rate is increased if no BECN bits were received in the Tc.
FECN-to-BECN propagation:
• A test packet with a BECN bit set is sent to the sender if a packet with an FECN bit set is received.
Inner Mongolia University37© 2001, Cisco Systems, Inc. QOS v1.0—4-37
An Example of BECN Integration
[Graph "BECN Integration": increment added every Tc in the token bucket (vertical axis, 0 to 9000) against time represented in units of Tc (horizontal axis, 1 to 25), with two BECN markers]
traffic-shape rate 64000 8000 8000
traffic-shape adaptive 32000
• BECN received at Tc #1 and Tc #3
• Hypothesis: no idle traffic
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-38
FECN-to-BECN Propagation
[Diagram: sender and receiver connected through Frame Relay switches, with congestion in the network; frames reach the receiver with FECN set, and BECN is returned to the sender in a Q.922 Test message]
If there is no reverse traffic, the switch is not able to set BECN in frames going back to sender.
Inner Mongolia University39© 2001, Cisco Systems, Inc. QOS v1.0—4-39
Configuring Bit-Rate Adaptation
Router(config-if)# traffic-shape adaptive [bit-rate]
• Configures traffic shaping Frame Relay bit-rate adaptation
  – bit-rate: lowest bit rate the traffic is shaped to in response to continuous BECN signals
  – Default: one-half the specified traffic shaping rate
• Traffic shaping has to be enabled
Inner Mongolia University40© 2001, Cisco Systems, Inc. QOS v1.0—4-40
Configuring FECN-to-BECN Propagation
Router(config-if)# traffic-shape fecn-adapt
• Configures the router to send Frame Relay TEST message with BECN bit set in response to receiving a frame with FECN bit set
• Can be used without adaptive traffic shaping
Router(config-if)# traffic-shape fecn-create
• Sets FECN bit in all outgoing packets that have been delayed due to traffic shaping
• Use for debugging/simulation only
Inner Mongolia University41© 2001, Cisco Systems, Inc. QOS v1.0—4-41
GTS Frame Relay Adaptation Design
Conservative scenario:
• Set shaping rate to CIR
• Set minimum rate to MIR (or one-half CIR)
Optimistic scenario:
• Set shaping rate to EIR
• Set minimum rate to CIR
Realistic scenario:
• Set shaping rate to EIR
• Set minimum rate to MIR (or one-half CIR)
Inner Mongolia University42© 2001, Cisco Systems, Inc. QOS v1.0—4-42
GTS Frame Relay Adaptation Example
[Diagram: Customer, WAN, Core]
interface serial 0/0
 traffic-shape rate 64000 8000 8000
 traffic-shape adaptive 48000
• EIR = 64 kbps
• CIR = 48 kbps
• Assumption: Frame Relay network is usually not congested.
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-43
Summary
Upon completing this lesson, you should be able to:
• Describe the GTS mechanism
• Describe the benefits and drawbacks of GTS
• Configure GTS on Cisco routers
• Monitor and troubleshoot GTS
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-44
Lesson Review
1. What software queuing mechanisms are supported in combination with GTS?
2. Which queuing structure does GTS use?
3. What features does GTS include when it is used on Frame Relay interfaces?
Committed Access Rate
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-46
Objectives
Upon completing this lesson, you will be able to:
• Describe the CAR mechanism
• Describe the benefits and drawbacks of CAR
• Describe the differences between CAR, GTS, and FRTS
• Configure CAR on Cisco routers
• Monitor and troubleshoot CAR
Inner Mongolia University47© 2001, Cisco Systems, Inc. QOS v1.0—4-47
Committed Access Rate
• Primarily intended for rate limiting
• Can be used on inbound and outbound traffic
• Does not queue (delay) packets
• Can also mark packets
• Can be implemented for differentiated marking
[Diagram: inbound or outbound traffic passing through classifier, meter, marker and dropper]
Inner Mongolia University48© 2001, Cisco Systems, Inc. QOS v1.0—4-48
CAR on Input and Output
[Diagram: inbound classifier, meter, marker and dropper, then forwarding, then outbound classifier, meter, marker and dropper, then queuing]
• CAR on input is processed just before forwarding (most other QoS mechanisms are processed before CAR).
• CAR on output is processed immediately after forwarding (most other QoS mechanisms are processed after CAR).
Inner Mongolia University49© 2001, Cisco Systems, Inc. QOS v1.0—4-49
CAR Implementation
The software queue may have no function if the sum of all CAR rates is less than the link bandwidth.
[Diagram: CAR dispatches packets at the configured rate; the software queue (FIFO, PQ, CQ, WFQ, ...) dispatches packets at line rate and is bypassed if it is empty and there is room in the hardware queue; the hardware queue (FIFO) dispatches packets at line rate]
Inner Mongolia University50© 2001, Cisco Systems, Inc. QOS v1.0—4-50
Interface-Wide CAR Diagram
[Diagram: packets are tested against Class 1, Class 2, ... Class n; each class has a CAR block with the outcomes continue, transmit and drop; transmitted packets go to the output queue or are forwarded]
• CAR has three different actions:
  – Transmit
  – Continue
  – Drop
Inner Mongolia University51© 2001, Cisco Systems, Inc. QOS v1.0—4-51
CAR Diagram
[Flowchart: Meter; Conforms? (Yes / No); Mark? with the tests Set IP Precedence?, Set DSCP?, Set MPLS Experimental?, Set QoS group? and the matching set operations; then Transmit? (forward or enqueue), Continue? (go to next CAR command), Drop?]
• Marking depends on whether the packet conforms to or exceeds the policy.
Inner Mongolia University52© 2001, Cisco Systems, Inc. QOS v1.0—4-52
Configuring CAR
Router(config-if)#
rate-limit {input | output} [access-group [rate-limit] #acl | qos-group number | dscp dscp] mean-rate Bc Be
  conform-action { drop | transmit | continue | set-prec-transmit value | set-prec-continue value | set-qos-transmit value | set-qos-continue value | set-dscp-transmit value | set-dscp-continue value | set-mpls-transmit value | set-mpls-continue value }
  exceed-action { drop | transmit | continue | set-prec-transmit value | set-prec-continue value | set-qos-transmit value | set-qos-continue value | set-dscp-transmit value | set-dscp-continue value | set-mpls-transmit value | set-mpls-continue value }
• Specifies all four conditioner elements for a particular traffic class
• Repeat this command for different classes of traffic
• If a match is not found, the default action is to transmit
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-53
CAR Classification
Router(config-if)# rate-limit {input | output} [access-group [rate-limit] #acl | qos-group number | dscp dscp] ...
IP packets are classified:
– Based on their direction (input or output)
Optional classification based on:
– Numbered IP access list (standard or extended)
– IP Precedence rate-limit access list
– MAC address rate-limit access list
– QoS group set by a previous conditioner in the same node
– DSCP
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-54
Null CAR Classifier
Router(config-if)# rate-limit {input | output} ...
• Selects packets in ingress or egress direction that have not been classified with any previous rate-limit commands on this interface
• Usually used as the last rate-limit command on an interface
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-55
CAR Classifier Based on IP Access List
Router(config-if)# rate-limit {input | output} access-group number ...
Router(config)# access-list acl-index {deny | permit} source [source-wildcard]
Router(config)# access-list acl-index {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [dscp dscp] [log]
• Configures an IP access list to be used as a packet classifier
• Classifies packets received over an interface with the IP access list
• Classification based on IP Precedence can be done with IP access list
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-56
CAR Classifier Based on IP Precedence
Router(config-if)# rate-limit {input | output} access-group rate-limit number ...
The IP Precedence classifier uses rate-limit access lists from 1 to 99 to match on IP Precedence values.
Inner Mongolia University57© 2001, Cisco Systems, Inc. QOS v1.0—4-57
IP Precedence-Based Rate-Limit Access List
Router(config)# access-list rate-limit acl-index precedence
• ACL index is between 1 and 99
• Matches packets with specified IP Precedence
• Only one line is allowed in the access list
Router(config)# access-list rate-limit acl-index mask precedence-mask
• ACL index is between 1 and 99
• Matches packets that match any precedence value specified in the mask
• Precedence mask has one bit for each precedence value (Bit 0 = Precedence 0)
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-58
CAR Classifier Based on Upstream MAC Address
Router(config-if)# rate-limit {input | output} access-group rate-limit number ...
The upstream MAC address classifier uses rate-limit access lists from 100 to 199 to match on the MAC address of an upstream router or host.
Inner Mongolia University59© 2001, Cisco Systems, Inc. QOS v1.0—4-59
MAC Address Rate-Limit Access List
Router(config)# access-list rate-limit acl-index mac-address
• ACL index is between 100 and 199
• Matches packets received from upstream neighbor with specified MAC address
• Only the MAC address is allowed in the access list (each upstream neighbor requires a different rate-limit statement)
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-60
QoS Group CAR Classifier
Router(config-if)# rate-limit {input | output} qos-group number ...
• Selects IP packets already marked in this node with specified QoS group
• QoS group marking can be done through:
  – Policy-based routing
  – CEF marking based on QPPB
  – Inbound rate limit on another interface
  – Inbound class-based marking on another interface
• Available only on high-end platforms
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-61
DSCP-Based CAR Classifier
Router(config-if)# rate-limit {input | output} dscp dscp ...
• Selects IP packets marked with the specified DiffServ code point
• DSCP marking could be done through:
  – Rate limiting on another interface or router
  – Class-based marking on another interface or router
Inner Mongolia University© 2001, Cisco Systems, Inc. QOS v1.0—4-62
CAR Meter
Router(config-if)# rate-limit {input | output} [access-group [rate-limit] number | qos-group number | dscp dscp] mean-rate Bc Be ...
• The rate-limit meter measures the contract compliance of a traffic class selected with a classifier.
• A modified token bucket algorithm is used:
  – mean-rate specifies average traffic rate.
  – Bc specifies the normal burst size.
  – Be specifies the excess burst size.
• The token bucket size is defined by Be alone.
Inner Mongolia University63© 2001, Cisco Systems, Inc. QOS v1.0—4-63
CAR Actions
CAR actions can be split into two subactions:
• Marking action
• Processing action
Marking actions support the setting of:
• IP Precedence
• DSCP
• MPLS experimental bits
• QoS group
Processing actions:
• Transmit: packet is transmitted
• Continue: packet is also processed by the next “rate-limit” command
• Drop: packet is dropped
Inner Mongolia University64© 2001, Cisco Systems, Inc. QOS v1.0—4-64
CAR Actions (cont.)
Processing actions “transmit,” “continue,” and “drop” can be used as standalone actions.
Processing actions “transmit” and “continue” can be combined with marking actions (set-mark_action-proc_action):
• set-prec-transmit
• set-qos-transmit
• set-mpls-transmit
• set-dscp-transmit
• set-prec-continue
• set-qos-continue
• set-mpls-continue
• set-dscp-continue
Inner Mongolia University65© 2001, Cisco Systems, Inc. QOS v1.0—4-65
CAR Actions (cont.)
Conforming and exceeding packets can be configured with different actions.
There are three typical uses of CAR:
• Pure rate limiting:
  – Transmit conforming packets
  – Drop exceeding packets
• Differentiated marking:
  – Transmit conforming packets with marker value x (e.g., IP Precedence 3)
  – Transmit exceeding packets with marker value y (e.g., IP Precedence 2)
• Pure marking:
  – Transmit conforming and exceeding packets with the same marker value
Inner Mongolia University66© 2001, Cisco Systems, Inc. QOS v1.0—4-66
Displaying CAR Parameters and Statistics
Router# show interfaces intf rate-limit
• Displays CAR parameters and statistics
Router#show interfaces serial 0/0 rate-limit
Serial0
  Input
    matches: qos-group 4
      params: 128000 bps, 64000 limit, 128000 extended limit
      conformed 0 packets, 0 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 0
      last packet: 421250660ms ago, current burst: 0 bytes
      last cleared 00:00:59 ago, conformed 0 bps, exceeded 0 bps
  Output
    matches: access-group 181
      params: 8000 bps, 8000 limit, 16000 extended limit
      conformed 19 packets, 21576 bytes; action: set-prec-transmit 3
      exceeded 5 packets, 7520 bytes; action: drop
      last packet: 145344ms ago, current burst: 11552 bytes
      last cleared 00:03:01 ago, conformed 0 bps, exceeded 0 bps
Inner Mongolia University67© 2001, Cisco Systems, Inc. QOS v1.0—4-67
Display Rate-Limit Access Lists
Router(config)# show access-lists rate-limit
• List rate-limit access lists
Router#show access-lists rate-limit
Rate-limit access list 10 1
Rate-limit access list 11 mask 81
Rate-limit access list 120 4000.1234.ABCD
Inner Mongolia University68© 2001, Cisco Systems, Inc. QOS v1.0—4-68
CAR: Limiting Example #1
A service provider connects all its customers via 2 Mbps physical leased lines (or ADSL links) and uses CAR to limit the actual amount of traffic the user can send or receive.
In addition, several differentiated services could be provided based on customer needs.
Inner Mongolia University69© 2001, Cisco Systems, Inc. QOS v1.0—4-69
CAR: Limiting Example #1 (cont.)
[Diagram: three customers, each connected to the ISP over a 2 Mbps link; the ISP connects to a NAP and the Internet]
interface serial 0/0
 rate-limit input 256000 4000 96000 conform-action transmit exceed-action drop
 rate-limit output 256000 4000 96000 conform-action transmit exceed-action drop
Inner Mongolia University70© 2001, Cisco Systems, Inc. QOS v1.0—4-70
CAR: Limiting and Marking Example #2
Web traffic is limited to 512 kbps and transmitted with higher precedence:
• Excess web traffic is classified as regular traffic.
All other traffic is limited to 256 kbps and transmitted with Precedence 0:
• Excess traffic is dropped.
• Burst size is 16,000 bytes.
• Excess burst size is 24,000 bytes.
Inner Mongolia University71© 2001, Cisco Systems, Inc. QOS v1.0—4-71
CAR: Limiting and Marking Example #2 (cont.)
[Figure: Customer on a 2 Mbps link; ISP; NAP; Internet]
interface serial 0/0
 rate-limit input access-group 101 512000 64000 128000 conform-action set-prec-transmit 1 exceed-action continue
 rate-limit input 256000 16000 24000 conform-action set-prec-transmit 0 exceed-action drop
 rate-limit output access-group 101 512000 64000 128000 conform-action set-prec-transmit 1 exceed-action continue
 rate-limit output 256000 16000 24000 conform-action set-prec-transmit 0 exceed-action drop
!
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any eq www any
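The effect of "exceed-action continue" in Example #2 is easier to see in a small model. The following Python sketch is an added example, not part of the original slides or of Cisco IOS: it treats each rate-limit line as a single token bucket (the extended burst is ignored, which is a simplification) and walks the two input lines in order. The names Rule, evaluate, is_web and burst_outcomes, and the sample packets, are assumptions made for the illustration.

```python
from collections import Counter

class Rule:
    """One rate-limit line. Simplification: single token bucket, extended burst ignored."""
    def __init__(self, match, rate_bps, burst, conform, exceed):
        self.match, self.rate_bps, self.burst = match, rate_bps, burst
        self.conform, self.exceed = conform, exceed
        self.tokens, self.last = float(burst), 0.0  # bucket starts full at t=0

    def conforms(self, now, size):
        # Refill at the committed rate (bytes per second), capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate_bps / 8)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

def evaluate(rules, pkt, now):
    """Walk the list in order; return ('transmit', precedence) or ('drop', None)."""
    for rule in rules:
        if not rule.match(pkt):
            continue
        action = rule.conform if rule.conforms(now, pkt["size"]) else rule.exceed
        if action[0] == "continue":
            continue                       # try the next rate-limit line
        if action[0] == "drop":
            return ("drop", None)
        if action[0] == "set-prec-transmit":
            return ("transmit", action[1])
        return ("transmit", pkt["prec"])   # plain transmit keeps the marking
    return ("transmit", pkt["prec"])       # modelled default: no line decided, packet is sent

def is_web(pkt):
    # Stands in for access-list 101 (TCP to or from port 80).
    return pkt["proto"] == "tcp" and 80 in (pkt["sport"], pkt["dport"])

def example2_input_rules():
    return [
        Rule(is_web, 512000, 64000, ("set-prec-transmit", 1), ("continue",)),
        Rule(lambda p: True, 256000, 16000, ("set-prec-transmit", 0), ("drop",)),
    ]

def burst_outcomes(n_web, size=1500):
    """Constructed input: n_web back-to-back web packets at t=0, then one UDP packet."""
    rules = example2_input_rules()
    web = {"proto": "tcp", "sport": 40000, "dport": 80, "size": size, "prec": 5}
    other = {"proto": "udp", "sport": 5000, "dport": 5001, "size": size, "prec": 0}
    counts = Counter(evaluate(rules, web, 0.0) for _ in range(n_web))
    return counts, evaluate(rules, other, 0.0)
```

For a burst of 60 web packets the model sends 42 at precedence 1, lets 10 spill into the 256 kbps class at precedence 0 and drops 8; the non-web packet that follows is also dropped, because the web spillover has emptied the bucket that all other traffic shares.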
CAR: Limiting Example #3
The customer can send or receive up to 128 kbps of premium traffic:
• Premium traffic is marked with Precedence 1.
• Excess premium traffic is dropped.
Non-premium (best-effort) traffic is not rate-limited.
CAR: Limiting Example #3 (cont.)
[Figure: Customer sites, each on a 2 Mbps link; ISP; NAP; Internet]
interface serial 0/0
 rate-limit input access-group rate-limit 13 128000 16000 48000 conform-action transmit exceed-action drop
 rate-limit output access-group rate-limit 13 128000 16000 48000 conform-action transmit exceed-action drop
!
access-list rate-limit 13 1
CAR: Precedence Spoofing Example #4
If a customer is trying to spoof a service provider with high-precedence traffic, the traffic is dropped:
• Drop all non-Precedence-0 traffic received from a customer.
[Figure: Customer sites, each on a 2 Mbps link; ISP; NAP; Internet]
interface serial 0/0
 rate-limit input access-group rate-limit 1 64000 8000 8000 conform-action drop exceed-action drop
!
access-list rate-limit 1 mask FE
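The mask in Example #4 is a one-byte bitmap in which bit n (value 1 << n) selects IP precedence n, so FE covers precedences 1 through 7 and leaves 0 alone. The following Python sketch is an added example, not part of the original slides: it decodes such masks and audits a configuration for non-zero precedences that no unconditional input drop rule covers. The function names and the SLIDE_CONFIG constant are assumptions made for the illustration; only precedence-type rate-limit access lists are parsed.

```python
import re

# Precedence-type rate-limit ACL: either "mask <hex byte>" or a single precedence 0-7.
ACL_RE = re.compile(r"^access-list rate-limit (\d+) (?:mask ([0-9A-Fa-f]{1,2})|([0-7]))$")
# Input rule that drops matching traffic whether or not it conforms.
RULE_RE = re.compile(r"^rate-limit input access-group rate-limit (\d+) .*"
                     r"conform-action drop exceed-action drop$")

# Configuration from Example #4, reproduced as test input.
SLIDE_CONFIG = """\
interface serial 0/0
 rate-limit input access-group rate-limit 1 64000 8000 8000 conform-action drop exceed-action drop
!
access-list rate-limit 1 mask FE
"""

def precedences_matched(mask_hex):
    """Return the set of IP precedence values selected by a hex mask."""
    mask = int(mask_hex, 16)
    return {p for p in range(8) if mask & (1 << p)}

def mask_for(precedences):
    """Build the two-digit hex mask that selects the given precedences."""
    mask = 0
    for p in precedences:
        if not 0 <= p <= 7:
            raise ValueError("IP precedence must be 0-7")
        mask |= 1 << p
    return format(mask, "02X")

def unfiltered_precedences(config):
    """Non-zero precedences that no unconditional input drop rule covers."""
    lines = [line.strip() for line in config.splitlines()]
    acls, dropped = {}, set()
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            number, mask, single = m.groups()
            acls[number] = precedences_matched(mask) if mask else {int(single)}
    for line in lines:
        m = RULE_RE.match(line)
        if m:
            dropped |= acls.get(m.group(1), set())
    return set(range(1, 8)) - dropped

if __name__ == "__main__":
    print(sorted(precedences_matched("FE")), sorted(unfiltered_precedences(SLIDE_CONFIG)))
```

An empty result means every non-zero precedence arriving from the customer is dropped; a mask such as E0 would leave precedences 1 through 4 unfiltered.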
CAR: Limiting Example #5
Application: Web server collocation:
• The customer can locate a server at service provider premises (switched LAN).
• CAR is used to limit the amount of traffic the web server can generate.
• Unknown traffic is rate-limited to 64 kbps to allow remote configuration of new servers.
Alternate application: central site in an enterprise network
CAR: Limiting Example #5 (cont.)
[Figure: Servers; LAN Switch; Distribution Router; Core Network]
interface FastEthernet 0/0
 rate-limit input access-group rate-limit 100 10000000 100000 100000 conform-action transmit exceed-action drop
 rate-limit output access-group rate-limit 100 10000000 100000 100000 conform-action transmit exceed-action drop
 rate-limit input 64000 8000 24000 conform-action transmit exceed-action drop
 rate-limit output 64000 8000 24000 conform-action transmit exceed-action drop
!
! Server MAC address
access-list rate-limit 100 00ae.0123.abcd
CAR: Marking Example #6
[Figure: Customer; WAN; Core]
interface ethernet 0/0
 rate-limit input 10000000 8000 8000 conform-action set-prec-transmit 2 exceed-action drop
!
interface ethernet 0/1
 rate-limit input 10000000 8000 8000 conform-action set-prec-transmit 0 exceed-action drop
!
• CAR can be used purely for marking purposes.
CAR: Marking Example #7
[Figure: Customer; WAN; Core]
interface ethernet 0/0
 rate-limit input access-group 101 10000000 8000 8000 conform-action set-prec-transmit 2 exceed-action drop
 rate-limit input access-group 102 10000000 8000 8000 conform-action set-prec-transmit 1 exceed-action drop
 rate-limit input 10000000 8000 8000 conform-action set-prec-transmit 0 exceed-action drop
!
access-list 101 permit tcp any any eq telnet
access-list 102 permit tcp any any eq www
Summary
Upon completing this lesson, you should be able to:
• Describe the CAR mechanism
• Describe the benefits and drawbacks of CAR
• Describe the differences between CAR, GTS, and FRTS
• Configure CAR on Cisco routers
• Monitor and troubleshoot CAR
Lesson Review
1. What classification options does CAR support?
2. What are the main differences between CAR and traffic shaping?
3. Where can CAR be implemented?
Module Summary
After completing this module, you should be able to perform the following tasks:
• Describe and configure generic traffic shaping (GTS)
• Describe and configure Frame Relay traffic shaping (FRTS)
• Describe and configure committed access rate (CAR)
• Name other mechanisms that support traffic shaping and policing (class-based policing and class-based shaping)