Traffic Shaping and Policing

4 Traffic Shaping and Policing Overview This module describes for the QoS mechanisms that are used to limit the available bandwidth to traffic classes. It discusses two options traffic policing and traffic shaping. Committed Access Rate (CAR) is discussed as a mechanism to provide traffic policing. Generic Traffic Shaping (GTS) and Frame Relay Traffic Shaping (FRTS) are discussed as traffic shaping mechanisms. It includes the following topics: Traffic Shaping and Policing Generic Traffic Shaping Frame Relay Traffic Shaping Committed Access Rate Objectives Upon completion of this module, you will be able to perform the following tasks: Describe and configure Generic Traffic Shaping (GTS) Describe and configure Frame Relay Traffic Shaping (FRTS) Describe and configure Committed Access Rate (CAR) Identify other mechanisms that support traffic shaping and policing (Classbased Policing and Class-based Shaping)

Traffic Shaping and Policing Overview Objectives The lesson introduces mechanisms for traffic policing and traffic shaping. Committed Access Rate (CAR), Generic Traffic Shaping (GTS) and Frame Relay Traffic Shaping (FRTS) are introduced in this section. Upon completion of this lesson, you will be able to perform the following tasks: Describe the need for implementing traffic policing and shaping mechanisms List traffic policing and shaping mechanisms available in Cisco IOS Describe the benefits and drawbacks of traffic shaping and policing mechanisms 4-2 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Traffic Shaping and Policing Meter Traffic stream Classifier Marker Dropper Traffic Shaping and Policing mechanisms are used to rate-limit traffic classes They have to be able to classify packets and meter their rate of arrival Traffic Shaping delays excess packets to stay within the rate limit Traffic Policing typically drops excess traffic to stay within the limit; alternatively it can remark excess traffic 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-5 Both shaping and policing mechanisms are used in a network to control the rate at which traffic is admitted into the network. Both mechanisms use classification, so they can differentiate traffic. They also use metering to measure the rate of traffic and compare it to the configured shaping or policing policy. The difference between shaping and policing can be described in terms of their rate-limiting implementation: Shaping meters the traffic rate and delays excessive traffic so that it stays within the desired rate limit. With shaping, traffic bursts are smoothed out producing a steadier flow of data. Reducing traffic bursts helps reduce congestion in the core of the network. Policing drops excess traffic in order to control traffic flow within specified limits. Policing does not introduce any delay to traffic that conforms to traffic policies. It can however, cause more TCP retransmissions, because traffic in excess of specified limits is dropped. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-3

Why Use Rate Limiting To handle congestion at ingress to ATM/FR network with asymmetric link bandwidths To limit access to resources when highspeed access is used but not desired To limit certain applications or classes To implement a virtual TDM system 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-6 Rate limiting is typically used to satisfy one of the following requirements: Prevent and manage congestion in ATM and Frame Relay networks, where asymmetric bandwidths are used along the traffic path. This prevents the layer-2 network from dropping large amounts of traffic by differentiately dropping excess traffic at ingress to the ATM or Frame Relay networks based on Layer-3 information (for example: IP precedence, DSCP, access list, protocol type, etc.) Limit the access rate on an interface when high-speed physical infrastructure is used in transport, but sub-rate access is desired. Engineer bandwidth so that traffic rates to certain applications or classes of traffic follow a specified traffic-rate policy. Implement a virtual TDM system, where an IP network is used, but has the bandwidth characteristics of a TDM system (that is, fixed maximum available bandwidth). Inbound and outbound policing can, for example, be used on one router to split a single point-to-point link into two or more virtual point-to-point links by assigning a portion of the bandwidth to each class, thus preventing any class from monopolizing the link in either direction. 4-4 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Typical Traffic Shaping or Policing Applications High-speed link WAN Low-speed link Output interface is not congested queuing and WRED do not work Congestion in WAN network results in non-intelligent layer- 2 drops 256 kbps 64 kbps 128 kbps FastEthernet Limiting access to resources Implementing a virtual TDM or Leased line over a single physical link on one side Server Farm Internet 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-7 The figure shows three possible applications of rate-limiting (shaping or policing) mechanisms. The first picture shows a Layer-2 WAN with unequal link bandwidths along a Layer-3 path. The ingress (left side) of the network has a highspeed link available into the Layer-2 backbone, which enables it to send traffic at a high rate. At the egress side, the sent traffic hits a low-speed link, and the Layer-2 network is forced to drop a large amount of traffic. If traffic were rate-limited at the ingress, optimal traffic flow occurs, resulting in minimal dropping by the Layer- 2 network. The second picture shows a hosting farm, which is accessible from the Internet via a shared link. Depending on the service contract, the hosting provider may offer different bandwidth guarantees to customers, and may want to limit the resources a particular server uses. Rate limiting can be used to divide the shared resource (upstream link) between many servers. The third example shows the option of implementing virtual leased lines over a Layer-3 infrastructure, where rate-limited reserved bandwidth is available over a shared link. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-5

Shaping vs. Policing Benefits of Shaping Shaping does not drop packets Shaping supports interaction with Frame Relay congestion indication Benefits of Policing Policing supports marking Less buffer usage (shaping requires an additional queuing system) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-8 A shaper typically delays excess traffic using a buffer, or mechanism, to hold packets and shape the flow when the data rate of the source is higher than expected. Traffic shaping smoothes traffic by storing traffic above the configured rate in a queue. Therefore, shaping increases buffer utilization on a router, but causes non-deterministic packet delays. Shaping can also interact with a Frame Relay network, adapting to indications of Layer-2 congestion in the WAN. A policer typically: Drops non-conforming traffic Supports marking of traffic Is more efficient in terms of memory utilization (no additional buffering of packets in needed) Does not increase buffer usage Both policing and shaping ensure that traffic does not exceed a bandwidth limit, but they have different impacts on the traffic: Policing drops packets more often, generally causing more retransmissions of connection-oriented protocols Shaping adds variable delay to traffic, possibly causing jitter 4-6 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

How do Routers Measure Traffic Rate Bandwidth Link bandwidth Conforming Traffic Exceeding traffic Rate limit Time Routers use the Token Bucket mathematical model to keep track of packet arrival rate The Token Bucket model is used whenever a new packet is processed The return value is conformor exceed 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-9 In order to perform rate limiting, routers must meter (or measure) traffic rates through their interfaces. To enforce a rate limit, metered traffic is said to: Conform to the rate limit, if the rate of traffic is below or equal to the configured rate limit Exceed the rate limit, if the rate of traffic is above the configured rate limit The metering is usually performed with an abstract model called a token bucket, which is used when processing each packet. The token bucket can calculate whether the current packet conforms or exceeds the configured rate limit on an interface. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-7

Token Bucket 700 200 500 bytes Conform Action 500 bytes 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -10 The token bucket is a mathematical model used in a device that regulates the data flow. The mode has two basic components: Tokens: where each token represents the permission to send a fixed number of bits into the network The bucket: which has the capacity to hold a specified amount of tokens Tokens are put into the bucket at a certain rate by the operating system. Each incoming packet, if forwarded, takes tokens from the bucket, representing the packet s size. If the bucket fills to capacity, newly arriving tokens are discarded. Discarded tokens are not available to future packets. If there are not enough tokens in the bucket to send the packet, the regulator may: Wait for enough tokens to accumulate in the bucket (traffic shaping) Discard the packet (policing) The figure shows a token bucket, with the current capacity of 700 bytes. When a 500-byte packet arrives at the interface, its size is compared to the bucket capacity (in bytes). The packet conforms to the rate limit (500 bytes < 700 bytes), and the packet is forwarded. 500 tokens are taken out of the token bucket leaving 200 tokens for the next packet. 4-8 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Token Bucket 200 300 bytes Exceed Action 300 bytes 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -11 When the next packet arrives immediately after the first packet, and no new tokens have been added to the bucket (which is done periodically), the packet exceeds the rate limit. The packet size is greater than the current capacity of the bucket, and the exceed action is performed (drop in the case of pure policing, delay in the case of shaping). Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-9

Token Bucket B c of tokens is added every T c [ms] T c = B c / CIR Link Utilization B e B c B c B c B c B c B c Link BW Average BW (CIR) T c 2*T c 3*T c 4*T c 5*T c Time B c + B e B c is normal burst size (specifies sustained rate) B e is excess burst size (specifies length of burst) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -12 Token bucket implementations usually rely on three parameters: CIR, B c and B e. CIR is the Committed Information Rate (also called the committed rate, or the shaped rate). B c is known as the burst capacity. B e is known as the excess burst capacity. T c is an interval constant that represents time. A B c of tokens are forwarded without constraint in every T c interval. In the token bucket metaphor, tokens are put into the bucket at a certain rate, which is B c tokens every T c seconds. The bucket itself has a specified capacity. If the bucket fills to capacity (B c + B e ), it will overflow and therefore newly arriving tokens are discarded. Each token grants permission for a source to send a certain number of bits into the network. To send a packet, the regulator must remove, from the bucket, the number of tokens equal in representation to the packet size. For example, if 8000 bytes worth of tokens are placed in the bucket every 125 milliseconds, the router can steadily transmit 8000 bytes every 125 milliseconds, if traffic constantly arrives at the router. If there is no traffic at all, 8000 bytes per 125 milliseconds get accumulated in the bucket, up to the maximum size (B c +B e ). One second s accumulation therefore collects 64000 bytes worth of tokens, which can be transmitted immediately in the case of a burst. The upper limit, B c +B e, defines the maximum amount of data, which can be transmitted in a single burst, at the line rate. Note Again, note that the token bucket mechanism used for traffic shaping has both a token bucket and a queue used to delay packets. If the token bucket did not have a data buffer, it would be a policer. For traffic shaping, packets that arrive that cannot be sent immediately (because there are not enough tokens in the bucket) are delayed in the data buffer. 4-10 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Although token bucket permits burstiness, traffic bursts are bound. This guarantee is made so that traffic flow will never send faster than the token bucket's capacity. In the long-term, this means that the transmission rate will not exceed the established rate at which tokens are placed in the bucket (the committed rate). Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-11

Traffic Shaping and Policing Mechanisms Shaping Mechanisms: Generic Traffic Shaping (GTS) Frame Relay Traffic Shaping (FRTS) Class-based Shaping Policing Mechanisms: Committed Access Rate (CAR) Class-based Policing 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -13 There are five token-bucket based rate-limiting methods available in Cisco IOS. Three methods are shaping mechanisms: Generic traffic shaping Frame Relay traffic shaping Class-based shaping Two methods are policing mechanisms: Committed access rate Class-based policing All these methods are discussed next in specific sections. 4-12 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Summary Lesson Review After completing this lesson, you should be able to perform the following tasks: Describe the need for implementing traffic policing and shaping mechanisms List traffic policing and shaping mechanisms available in Cisco IOS Describe the benefits and drawbacks of traffic shaping and policing mechanisms Answer the following questions: 1. How do shaping and policing mechanisms keep track of the traffic rate? 2. Which shaping mechanisms are available with the Cisco IOS software? 3. Which policing mechanisms are available with the Cisco IOS software? 4. What are the main differences between shaping and policing? Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-13

Generic Traffic Shaping Overview Objectives This lesson describes the Generic Traffic Shaping (GTS) mechanism. Upon completion of this lesson, you will be able to perform the following tasks: Describe the GTS mechanism Describe the benefits and drawbacks of GTS Configure GTS on Cisco routers Monitor and troubleshoot GTS 4-14 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Generic Traffic Shaping Meter Traffic stream Classifier Marker Shaper Dropper Can shape multiple classes (classification) Can measure traffic rate of individual classes (metering) Delays packets of exceeding classes (shaping) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -18 Generic Traffic Shaping (GTS) shapes traffic by reducing the outbound traffic flow to avoid congestion. This is achieved by constraining traffic to a particular bit rate using the token bucket mechanism. GTS is applied on a per-interface basis and can use access lists to select the traffic to shape. It works with a variety of Layer-2 technologies, including Frame Relay, ATM, Switched Multi-megabit Data Service (SMDS) and Ethernet. As shown in the block diagram, GTS performs three basic functions: Classification of traffic, so that different traffic classes can have different policies applied to them Metering, using a token-bucket mechanism, to distinguish between conforming and exceeding traffic Shaping, using buffering, to delay exceeding traffic and shape it to the configured rate limit Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-15

GTS Building Blocks Forwarder Classifier Yes No Shaping WFQ No Classifier Yes No Yes Shaping WFQ No Yes Classifier Yes No Yes Shaping WFQ No Physical Interface queue(s) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -19 GTS is implemented as a queuing mechanism, where there are separate WFQ delay queues implemented for each traffic class. Each WFQ-queue delays packets until they conform to the rate-limit, and also schedules them according to the WFQ algorithm. Conforming traffic is then sent to the physical interface. Arriving packets are first classified into one of the shaping classes. Traffic not classified into any class is not shaped. Classification can be performed using access lists. Once a packet is classified into a shaping class, its size is compared to the amount of available token in the token bucket of that class. The packet is forwarded to the main interface queue if there are enough tokens. A number of tokens taken out of the token bucket is equal to the size of the packet (in bytes). If, on the other hand, there are not enough tokens to forward the packet, the packet is buffered in the WFQ system assigned to this shaping class. The router will then periodically replenish the token bucket and check if there are enough tokens to forward one or more packets out of the shaping queue. Packets are scheduled out of the shaping queue according to the WFQ scheduling algorithm. 4-16 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

GTS Overview GTS is multiprotocol GTS uses WFQ as the shaping queue GTS can be implemented in combination with any queuing mechanisms: FIFO Queuing Priority Queuing (PQ) Custom Queuing (CQ) Weighted Fair Queuing (WFQ) GTS works on output only 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -20 The GTS implementation in Cisco IOS supports multiple protocols and works on a variety of interface types. WFQ is used as the shaping delay queue, providing fair scheduling within a traffic class. Other queuing strategies (FIFO, PQ, CQ and WFQ) may be employed after GTS to provide traffic scheduling on the shaped traffic. Also, GTS only works at the output of an interface. GTS can be used to shape all outbound traffic on an interface or it can separately shape multiple classes. Classification is performed using any type of access list including all non-ip access lists. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-17

GTS Implementation Dispatches packets at configured rate Dispatches packets at line rate Dispatches packets at line rate Shaping Queue (WFQ) Software Queue (FIFO, PQ, CQ, WFQ,...) Hardware Queue (FIFO) Bypass the software queue if it is empty and there is room in the hardware queue The software queue may have no function if the sum of all shaping rates is less than link bandwidth 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -21 Packet flow through GTS is implemented using three queues. The first, the shaping queue, is WFQ-based and shapes traffic according to the specified rate using a token bucket model. This queue dispatches packets to the software queue, which may be configured with other queuing mechanisms (PQ, CQ, WFQ or FIFO). If the software queue is empty, traffic is forwarded directly to the output hardware queue. GTS supports distributed implementation on VIP adapters. This offloads traffic shaping from the route switch processor (RSP) to the Versatile Interface Processor (VIP), and constructs all of the queues in VIP packet memory. Only IP traffic can be shaped with dwfq. Another requirement is that dcef switching must be enabled. 4-18 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Configuring GTS Router(config-if)# traffic-shape rate bit-rate [burst-size [excessburst-size]] Enables traffic shaping of all outbound (sub)interface traffic In IOS versions prior to 11.2(19) and 12.0(4), optimum switching is disabled on all interfaces if traffic shaping is enabled on any interface 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -22 To enable traffic shaping for outbound traffic on an interface, use the trafficshape rate interface configuration command. Of the parameters to be specified, bit-rate is the only mandatory one. The burst-size and excess-burst-size are optional. Generic traffic shaping can be used in all switching paths. Older Cisco IOS versions may use slower switching paths when GTS is in effect. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-19

Configuring GTS Router(config-if)# traffic-shape rate bit-rate [burst-size [excessburst-size]] Bit rate average traffic rate in bps (equivalent to Frame Relay CIR) Burst size amount of traffic sent in a measurement interval in bits (equivalent to Frame Relay Bc) Default value: 1/8 of bit rate 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-23 Bit rate (in bits per second) is configured as the average traffic rate to which the traffic should be shaped on the output of the interface. Burst size (in bits) can be configured to allow for varying levels of allowed burstiness. That is, traffic, which bursts over the average traffic rate, also conforms if it falls within the burst rate in an interval. By default, this is set to one eighth of the average traffic rate, which sets the T c at one eighth of a second. This parameter is equivalent to the Frame Relay B c parameter. 4-20 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Configuring GTS Router(config-if)# traffic-shape rate bit-rate [burst-size [excessburst-size]] Excess-burst-size - amount of excess traffic that can be sent during the first burst in bps (equivalent to Frame Relay Be) Default value: no excess burst Measurement interval (Tc) is computed from bit-rate and burst-size Tc smaller than 25 ms is rejected, Tc greater than 125 ms is reduced 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -24 The excess-burst-size parameter (in bits), equivalent to the Frame Relay B e parameter, defines the excess burst of traffic, which can still be sent through the first noticed burst. By default, there is no excess burst allowed. The T c parameter defines the measurement interval, which is used in the operation of the token bucket. By default, it is directly computed from the bit rate and the burst size as B c divided by the average bit rate. To ensure proper operation of shaping, those parameters are bounded to values between 25 and 125 ms. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-21

Configuring GTS Router(config-if)# traffic-shape group access-list bit-rate [burst [excess-burst]] Shapes outbound traffic matched by the specified access list Several traffic-shape group commands can be configured on the same interface The traffic-shape rate and traffic-shape group commands cannot be mixed on the same interface Separate token bucket and shaping queue is maintained for each traffic-shape group command Traffic not matching any access list is not shaped 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -25 Classification of traffic to be shaped is performed using access lists. To enable traffic shaping based on a specific access list for outbound traffic on an interface, use the traffic-shape group interface configuration command. The traffic-shape group command allows specification of one or more previously defined access lists to shape traffic on the interface. One traffic-shape group command must be specified for each access list on the interface. Cisco IOS uses separate token buckets and shaping queues for each class, as differentiated by the access list specification. Traffic not matching any access list bypasses traffic shaping and is immediately sent to the software or hardware interface queue. Use the traffic-shape rate command if no classification is needed and shaping should be applied to all traffic. Remember that the traffic-shape group command using an IP access list permitting all IP traffic is not equivalent to the traffic-shape rate command if non-ip traffic is present in the network. 4-22 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

GTS Example #1 ISP wants to sell a service in which a customer may use all of a E1 line for 30 seconds in a burst, but on a long term average is limited to 256 kbps GTS parameters bit-rate: 256000 - output rate is 256000 bps burst-size: 32000 the number of bits sent in 125 msec excess-burst-size: 61440000 = 2048000 * 30 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-26 In the first GTS example, an ISP wants to control the amount of traffic injected into the Frame Relay WAN by the customer. The SP service uses an E1 line as the access line, limits the customer to 256 Kbps on the average, but also permits bursts of up to thirty seconds at the E1 line rate. The parameters are calculated based on the service requirements. CIR (the average bit rate) is set at the specified average rate, the burst size is set to one eighth of the CIR (32000 bits), and the excess burst size reflects the allowed thirtysecond burst at full E1 line rate. The excess burst size was calculated using the following formula: 1. Each second of transmission at line-speed requires 2 Mbits 2. Thirty second burst therefore requires 30 x 2 Mbits 3. The excess burst size is 30 x 2048000 = 61440000 It takes thirty seconds to empty the token bucket. How long does it take to fill it up again? The token bucket is emptied at 2Mbps but it is replenished at 256kbps. It takes eight times as long to fill it as it does to empty it. Every thirty second burst would, therefore, require a four-minute silence on the line to accumulate tokens. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-23

GTS Example #1 WAN Core Customer interface ethernet0/0 traffic-shape rate 256000 32000 61440000! interface serial1/0 traffic-shape rate 256000 32000 61440000 Since ISP wants to control the total amount of load the configuration would be done on both the inbound and outbound interfaces 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-27 The figure shows the router configuration required to implement this service. All the output traffic is shaped, and the shaping needs to be configured on all customer edge sites, which will perform admission control using GTS. 4-24 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

GTS Example #2 WAN Core Customer interface ethernet 0/0 traffic-shape group 101 64000 interface serial 1/0 traffic-shape group 101 64000! access-list 101 permit tcp any any eq www The customer wants to be sure that Web traffic will never use more than 64 kbps 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-28 In the second example, a customer wants to limit web usage, so that web traffic never uses more than 64 Kbps on the access link. The router configuration is shown in the figure, using default parameters for traffic bursts. An access list defines web traffic as the only shaped traffic. All other traffic bypasses GTS and can use the full access line bandwidth. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-25

Monitoring GTS Router(config)# show traffic-shape Displays current traffic shaping configuration MAX = (Bc + Be)/8 Be Bc = Tc * CIR Router#show traffic-shape access Target Byte Sustain Excess Interval Increment Adapt I/F list Rate Limit bits/int bits/int (ms) (bytes) Active Se3/3 100000 2000 8000 8000 80 1000 - CIR Bc Tc=Bc/CIR do we listen to FECN/BECN? 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-29 The figure shows the results of the show traffic-shape command issued on a router that shapes traffic to 100kbps with B c and B e set to 8000. To display the current traffic-shaping configuration, use the show traffic-shape command. To display the current traffic-shaping statistics, use the show trafficshape statistics command. Output of both the commands is detailed in the ensuing figures. Information displayed includes: The rate that traffic is shaped to The maximum number of bytes transmitted per internal interval Configured sustained bits per interval Configured excess bits in the first interval Interval being used internally (may be smaller than the committed burst divided by the CIR) Number of bytes that will be sustained per internal interval If Frame Relay has FECN/BECN adaptation configured 4-26 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Monitoring GTS Router(config)# show traffic-shape statistic Displays traffic shaping statistics Number of packets/bytes sent on the interface Router#show traffic-shape statistic Access Queue Packets Bytes Packets Bytes Shaping I/F List Depth Delayed Delayed Active Se3/3 77 16091 3733112 414 96048 yes Depth of the associated WFQ queue for delayed packets Subset of the previous number of packets/bytes delayed via the WFQ queue 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-30 The show traffic-shape statistics command displays the statistics of traffic shaping for all the configured interfaces. Displayed in the output is: The interface where the traffic-shape rate or traffic-shape group command is used (traffic-shape rate command is used on interface serial3/3 in the example) The associated access list if the traffic-shape group command is used The number of packets currently in the shaping queue (queue depth) The total number of packets that have been processed by the traffic-shape command since the last clearing of interface counters (16091 packets in the example) The total number of bytes that have been processed by the traffic-shape command since the last clearing of interface counters (3733112 bytes in the example) The total number of packets that have been delayed by the traffic-shape command since the last clearing of interface counters (414 packets in the example) The total number of bytes that have been delayed by the traffic-shape command since the last clearing of interface counters (96048 bytes in the example) If the queue depth is more than 0 than shaping is active The expected result of traffic shaping is a high ratio between transmitted packets and delayed packets. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-27

If the number of delayed packets is very high (compared to the total number of packets) then there are probably non-responsive aggressive flows being shaped and the queue depth could show high buffer utilization. If the number of delayed packets is zero then it is very likely that the access list does not match any traffic. 4-28 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Monitoring GTS Router(config)# show traffic-shape queue Displays the shaping queue contents router#show traffic-shape queue Traffic queued in shaping queue on Serial0 (depth/weight) 1/4096 Conversation 254, linktype: ip, length: 232 source: 1.1.1.1, destination: 1.1.2.47, id: 0x0001, ttl: 208, TOS: 0 prot: 17, source port 11111, destination port 22222 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -31 The show traffic-shape queue command displays the contents of the shaping queue associated with an interface. This command can be used to determine the types of flows that are congesting the shaping queue. The command displays the parameters that are used for classification within WFQ: Source IP address Destination IP address Time to live (TTL) Type of Service (ToS) field Protocol ID Source port number Destination port number The example shows that there is a non-responsive UDP flow (protocol 17) congesting the shaping queue. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-29

GTS on Frame Relay Interfaces GTS can be implemented on any type of (sub)interface GTS supports additional features when implemented on Frame Relay interfaces: Adaptation to Frame Relay congestion notification BECT-to-FECN reflection FECN creation on congestion 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -32 GTS applies on a per-interface basis, can use access lists to select the traffic to shape, and works with a variety of Layer-2 technologies, including: Frame Relay ATM Switched Multi-megabit Data Service (SMDS) Ethernet On a Frame Relay subinterface, GTS can be set up to shape to a specified rate and to adapt dynamically to available bandwidth by integrating Frame Relay congestion signaling with GTS. 4-30 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Frame Relay Refresher Frame Relay Explicit Congestion Notification FECN (Forward Explicit Congestion Notification) BECN (Backward Explicit Congestion Notification) CLLM (Consolidated Link Layer Management) Implicit Congestion Notification Network discards detected by end user at higher layers DE (Discard Eligibility) bit 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -33 Frame Relay performs congestion notification to its Layer-2 endpoints by including congestion signaling inside the Layer-2 frame headers. The FECN, BECN and DE bits in the Q.922 header of the frame provide inband congestion signaling. The Forward Explicit Congestion Notification (FECN) is bit set by a Frame Relay network to notify a device (FR DTE, which may be a router) that it should initiate congestion avoidance procedures. The Backward Explicit Congestion Notification (BECN) is bit set by a Frame Relay network to notify a device (DTE) that it should initiate proper congestion avoidance procedures. CLLM is an enhanced signaling method, used by Frame Relay switches, which expands on the FECN/BECN mechanism to improve congestion management. The Discard Eligibility (DE) bit indicates that a frame may be discarded in preference to other frames, if congestion occurs, to maintain the committed quality of service within the network. Frames with the DE bit set are considered B e excess data. Congestion notification may be explicit (honored by Layer-2 devices) or implicit (detected and honored by higher-layer protocols, not by the Layer-2 network). FECN/BECN and CLLM are explicit methods, while BE-setting is an implicit notification method. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-31

Frame Relay FECN/BECN Congestion Control S e n d e r FECN Frame 1 Frame 1 FECN No Congestion this Side Frame 2 BECN Switch monitors all transmit queues for congestion Frame Relay Switch Same Virtual Circuit (VC) Congestion this Side Frame 2 FR Switch detects congestion on output queue and informs: The receiver by setting the FECN bit on forwarded frames The source by setting the BECN bit on frames going in the opposite direction R e c e i v e r 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -34 A Frame Relay switch can explicitly report congestion in two directions: Forward and Backward. When a frame queue inside a switch is congested, the switch will generate congestion signals based on the FECN and BECN bits. If congestion occurs in a queue towards the main receiver of traffic, FECN signals are sent to the receiving Layer-2 endpoint and BECN signals are sent to the sending Layer-2 endpoint. FECN and BECN bits are not sent as separate frames, but are piggybacked inside data frames. 4-32 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

GTS Frame Relay Congestion Adaptability On a Frame Relay (sub)interface, GTS can adapt dynamically to available Frame Relay bandwidth by integrating BECN signals The GTS bit rate is reduced when BECN packets are received to reduce the data flow through congested Frame Relay network Adaptation is done on per (sub)interface basis GTS bit rate is gradually increased when the congestion is no longer present (no BECN packets are received any more) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -35 BECN is the flag that the sending DTE (router as a Frame Relay endpoint) is able to integrate to determine the congestion status of the Layer-2 WAN. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-33

GTS Frame Relay Congestion Adaptability Mechanisms Bit-rate adaptation Traffic shaping bit-rate is reduced when a packet with BECN bit is received in the Tc Traffic shaping bit-rate is increased if no BECN bits were received in the Tc FECN to BECN propagation A test packet with BECN bit set is sent to the sender if a packet with FECN bit set is received 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -36 The first adaptation mechanism is bit-rate adaptation. GTS is able to respond to Layer-2 congestion by reducing its shaping rate to three-quarters of the current rate, until the Layer-2 network recovers from congestion. When BECN flags are no longer received, the rate is slowly ramped up again to the original shaping rate. This is also a lower limit of rate reduction, which bounds the reduction process so that at least some throughput is maintained. The BECN-integrating functionality is performed on a per sub-interface (DLCI) basis. However, if the congestion was caused by simplex traffic (such as a multicast video stream) or by an aggressive TCP connection, it is expected that the reverse traffic (frames flowing from the receiver to the sender, marked with the BECN bit) might come by less frequently than required to feed the integration. So the receiving DTE (the receiving router) can help matters when it receives a message with FECN set by first checking to see if it has any data, and if it does not, originating a message with BECN set. This message might be a Q.922 TEST RESPONSE message, which would by virtue of its message type be understood to be a message to discard and not reply to. This feature is called FECN-to-BECN propagation. 4-34 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

An Example of BECN Integration INC added every Tc in the token Bucket becn 9000 8000 7000 6000 5000 4000 3000 2000 1000 becn BECN Integration traffic-shape rate 64000 8000 8000 traffic-shape adaptive 32000 BECN received at Tc#1 and Tc#3 Hypothesis: no idle traffic Inc 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 time represented in units of Tc 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -37 The figure shows the shaped rate of a token bucket-based GTS responding to BECN packets it received. As mentioned, the rate is reduced to three-quarters of the previous rate for every T c interval, which saw at least one BECN message received at the router. When no BECN messages are received in a T c period, the shaped rate is brought up slowly, up one-sixteenth of the current rate. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-35

FECN to BECN Propagation S e n d e r Frame Relay Switch Congestion FECN BECN in Q.922Test R e c e i v e r If there is no reverse traffic, the switch is not able to set BECN in frames going back to sender 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -38 The other adaptation method, FECN-to-BECN propagation, configures a Frame Relay sub-interface to reflect received FECN bits as BECN in Q.922 TEST RESPONSE messages. This enables the sender to notice congestion in the Layer- 2 network, even if there is no data traffic flowing from the receiver back to the sender. 4-36 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Configuring Bit-rate Adaptation Router(config-if)# traffic-shape adaptive [bit-rate] Configures Traffic Shaping Frame Relay bit-rate adaptation bit-rate - lowest bit-rate the traffic is shaped to in response to continuous BECN signals Default: 1/2 the specified traffic shaping rate Traffic shaping has to be enabled 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -39 Frame Relay bit rate adaptation is configured using the traffic-shape adaptive command, which specifies the lower limit to which the shaped rate should be reduced in presence of incoming BECN signals. By default, this is half the configured sustained (committed) rate in GTS. The bit rate is configured in bits per second. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-37

Configuring FECN to BECN propagation Router(config-if)# traffic-shape fecn-adapt Configures the router to send Frame Relay TEST message with BECN bit set in response to receiving a frame with FECN bit set Can be used without adaptive traffic shaping Router(config-if)# traffic-shape fecn-create Sets FECN bit in all outgoing packets that have been delayed due to traffic shaping Use for debugging/simulation only 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -40 The traffic-shape fecn-adapt command enables the FECN-to-BECN propagation. It can be used without adaptive GTS, as configured with the previous command. This feature should be used for testing purposes only. If the feature is combined with the adaptation feature it is very likely that the first delayed packet will cause the shaping to slow down to the minimum shaping rate. For example: 1. Router A (sender) sends a frame with a FECN bit because it had to delay a packet. 2. Router B (receiver) replies with the TEST frame with the BECN bit set 3. Router A (sender) reduces the shaping rate due to the received BECN causing even more delay and more packets with the FECN bit set. 4-38 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Conservative scenario GTS Frame Relay Adaptation Design Set shaping rate to CIR Set minimum rate to MIR (or 1/2 CIR) Optimistic scenario Set shaping rate to EIR Set minimum rate to CIR Realistic scenario Set shaping rate to EIR Set minimum rate to MIR (or 1/2 CIR) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -41 To illustrate different possibilities of adaptation, consider the following three scenarios for using GTS over a Frame Relay circuit In a conservative scenario, where there should be minimal congestion and dropping, the shaping rate is set to the contracted Frame Relay CIR (Committed Information Rate) and the minimum rate of adaptation is set either to MIR (Minimum Information Rate) or half the CIR value. MIR depends on the provider s over provisioning of the network and can be as low as one-tenth of the CIR. This configuration minimizes dropping, but does not allow excess bandwidth to be fully utilized. In an optimistic scenario, the normal shaping rate may be set to the EIR (Excess Information Rate) and the minimum rate to the CIR. This configuration would probably cause too much dropping in a loaded Frame Relay network. In a realistic scenario, utilizing most excess bandwidth can be achieved by setting the shaping rate to the EIR and the minimum adaptation rate to the MIR (or half the CIR). This would allow full advantage to be made of the Frame Relay network, if possible, and to adapt to a realistic level if congestion is indicated. Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-39

GTS Frame Relay Adaptation Example WAN Core Customer interface serial 0/0 traffic-shape rate 64000 8000 8000 traffic-shape adaptive 48000 EIR = 64 kbps CIR = 48 kbps Assumption: Frame Relay network is usually not congested 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -42 This GTS shape rate adaptation example shows a configuration of GTS, where traffic is shaped to the EIR of 64 Kbps, with the adaptive floor being equal to CIR, which is contracted at 48 Kbps. No FECN-to-BECN propagation is configured. This example would work optimally only if the Frame Relay network is unlikely to get congested because setting the adaptive floor to the CIR cannot lower the shaping rate below the CIR. Lowering the rate below the contracted CIR may be necessary in most commercial Frame Relay networks. 4-40 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Summary Lesson Review GTS can be applied only on output interfaces GTS performs traffic shaping or smoothing GTS cannot mark or drop packets GTS supports BECN and FECN in Frame Relay environments GTS does not support cascaded policies GTS does not provide managed discard GTS cannot run in distributed mode GTS supports only extended IP access lists GTS supports RSVP as it uses WFQ Answer the following questions: 1. What software queuing mechanisms are supported in combination with GTS? 2. Which queuing structure does GTS use? 3. What features does GTS include when used on Frame Relay interfaces? Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-41

Frame Relay Traffic Shaping Overview Objectives The section describes the Frame Relay Traffic Shaping (FRTS) mechanism. Upon completion of this section, you will be able to perform the following tasks: Describe the FRTS mechanism Describe the benefits and drawbacks of FRTS Compare the GTS and FRTS mechanisms Configure FRTS on Cisco routers Monitor and troubleshoot FRTS 4-42 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

Frame Relay Traffic Shaping Meter Traffic stream Classifier Marker Shaper Dropper Can NOT shape multiple classes Can be implemented on per-vc basis (classification) Can measure traffic rate of individual virtual circuits (metering) Delays packets of exceeding VC-s (shaping) Dynamic Traffic Throttling on a Per-VC Basis (BECN or ForeSight) Enhanced Queuing Support on a Per-VC Basis (PQ, CQ or WFQ) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -48 Cisco has long provided support for FECN for DECnet and OSI, and BECN for SNA traffic using LLC2 encapsulation and DE bit support. FRTS builds upon this existing Frame Relay support with additional capabilities that improve the scalability and performance of a Frame Relay network, thereby increasing the density of VCs and improving response time. Frame Relay Traffic Shaping (FRTS) can eliminate bottlenecks in Frame Relay networks that have high-speed connections at the central site and low-speed connections at branch sites. Rate enforcement can be configured to limit the rate at which data is sent on the VC at the central site. Using FRTS, rate enforcement can be configured to either the CIR or some other defined value such as the excess information rate on a per-vc basis. The ability to allow the transmission speed used by the router to be controlled by criteria other than line speed (that is, by the CIR or the excess information rate) provides a mechanism for sharing media by multiple VCs. Bandwidth can be allocated per VC, creating a virtual time-division multiplexing (TDM) network. PQ, CQ and WFQ can also be defined at the VC or subinterface level. Using these queuing methods allows for finer granularity in prioritising and queuing of traffic, thus providing more control over the traffic flow on an individual VC. If CQ is combined with the per-vc queuing and rate enforcement capabilities, Frame Relay VCs are enabled to carry multiple traffic types, such as IP, SNA and IPX, with guaranteed bandwidth for each traffic type. Using information contained in the BECN-tagged packets received from the network, FRTS can also dynamically throttle traffic. With BECN-based throttling, packets are held in the buffers of the router to reduce the data flow from the router into the Frame Relay network. The throttling is done on a per-vc basis and Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-43

the transmission rate is adjusted based on the number of BECN-tagged packets received. With the Cisco FRTS feature, ATM ForeSight closed loop congestion control can be integrated to actively adapt to downstream congestion conditions. 4-44 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.

FRTS Building Blocks No classifier, shaping performed on individual VC Enough Tokens? No Shaping Queue Forwarder + Frame Relay maps Enough Tokens? No Yes Shaping Queue Yes Enough Tokens? No Yes Shaping Queue Traffic for VCs that are not shaped Physical Interface queue(s) 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-48 In this block diagram, FRTS operation on a physical Frame Relay interface is shown. There is no global pre-classification of traffic, but packets are sent to their individual VCs instead. Shaping is then performed on a per-vc basis, with a separate shaping queue/token bucket for each VC. Packets coming out of their individual per-vc shapers are then sent to the physical interface queue (Tx queue/tx ring). Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-45

FRTS Overview FRTS is multiprotocol FRTS can use one of the following queuing mechanisms as the shaping queue: Priority Queuing (PQ) Custom Queuing (CQ) Weighted Fair Queuing (WFQ) FRTS can only be implemented in combination with WFQ on the interface FRTS works on output only 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -50 FRTS is a shaping implementation that supports multiple protocols. Unlike GTS, which performs a WFQ-based scheduling on the entry of the shaper with an arbitrary scheduling mechanism on the physical interface, FRTS performs its operations the other way around. FRTS can use priority queuing, custom queuing, or weighed fair queuing as the scheduling method on the entry of the shaper. This allows for finer granularity in the prioritization and queuing of traffic and provides more control over the traffic flow on an individual VC. If CQ is combined with the per-vc queuing and rate enforcement capabilities, Frame Relay VCs are enabled to carry multiple traffic types, with bandwidth guaranteed for each traffic type. For example, if CQ is combined with the per-vc queuing and rate enforcement capabilities, FR VC s can be enabled to carry IP, SNA and IPX traffic, with bandwidth guaranteed for each. At the physical interface itself (after the packet has been fancy queued and shaped) WFQ needs to be enabled in conjunction with FRTS. WFQ is currently the only supported interface scheduling method. FRTS can only be configured on the output of an interface. 4-46 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.