Policing (CAR) and Shaping



:Policing and Shaping Overview:

     Ø  Cisco IOS QoS offers two kinds of traffic regulation mechanisms: policing and shaping.
     Ø  The rate-limiting features of committed access rate (CAR) and the Traffic Policing feature provide the functionality for policing traffic.
     Ø  The features of Generic Traffic Shaping (GTS), Class-Based Shaping, Distributed Traffic Shaping (DTS), and Frame Relay Traffic Shaping (FRTS) provide the functionality for shaping traffic.

·         A policer typically drops traffic. The CAR rate-limiting policer will either drop the packet or rewrite its IP precedence.
·         A shaper typically delays excess traffic, using a buffer to hold packets and shape the flow when the data rate of the source is higher than expected.

What Is a Token Bucket?

    Ø  A token bucket is a formal definition of a rate of transfer.
    Ø  It has 3 components: a burst size (depth of the token bucket), a mean rate, and a time interval (Tc). The mean rate is generally expressed in bits per second.

Mean Rate = Burst Size / time interval

·         Mean Rate: Also called the committed information rate (CIR), it specifies how much data can be sent or forwarded per unit time on average.
·         Burst Size: Also called the committed burst (Bc) size (the depth of the token bucket), it specifies in bits (or bytes) per burst how much traffic can be sent within a given unit of time without creating scheduling concerns.
·         Time Interval: Also called the measurement interval, it specifies the time quantum in seconds per burst.

     Ø  By definition, the bit rate of the interface will not exceed the mean rate.
     Ø  A token bucket is used to manage a device that regulates the data in a flow.
     Ø  For example, the regulator might be a traffic policer, such as CAR, or a traffic shaper, such as FRTS or GTS.
     Ø  A token bucket itself has no discard or priority policy. Rather, a token bucket discards tokens and leaves to the flow the problem of managing its transmission queue if the flow overdrives the regulator.
     Ø  Tokens are put into the bucket at a certain rate. The bucket itself has a specified capacity. If the bucket fills to capacity, newly arriving tokens are discarded.
     Ø  If not enough tokens are in the bucket to send a packet, the packet either waits until the bucket has enough tokens (in the case of GTS) or the packet is discarded or marked down (in the case of CAR).
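
The token bucket behaviour described above, as a small Python simulation (an added example, not code from the original post or from Cisco): the same bucket is used once as a policer that drops or marks down a packet when tokens run short, and once as a shaper that delays it. The rate, burst size and packet arrivals are constructed sample values, and the function names are illustrative.

```python
class TokenBucket:
    def __init__(self, rate_bps, burst_bits):
        self.rate = rate_bps        # mean rate (CIR): tokens (bits) added per second
        self.depth = burst_bits     # burst size (Bc): bucket capacity in bits
        self.tokens = burst_bits    # the bucket starts full
        self.last = 0.0             # time of the last refill, in seconds

    def refill(self, now):
        # Tokens arrive at the mean rate; tokens beyond capacity are discarded.
        self.tokens = min(self.depth, self.tokens + (now - self.last) * self.rate)
        self.last = now


def police(arrivals, rate_bps, burst_bits, exceed="drop"):
    """Policer: never delays. A packet that finds too few tokens gets the
    exceed action (drop or mark down) immediately."""
    bucket, actions = TokenBucket(rate_bps, burst_bits), []
    for t, bits in arrivals:
        bucket.refill(t)
        if bucket.tokens >= bits:
            bucket.tokens -= bits
            actions.append("transmit")
        else:
            actions.append(exceed)
    return actions


def shape(arrivals, rate_bps, burst_bits):
    """Shaper: never drops. A packet that finds too few tokens waits in a FIFO
    buffer until the bucket has refilled. Assumes each packet <= burst_bits."""
    bucket, departures = TokenBucket(rate_bps, burst_bits), []
    for t, bits in arrivals:
        now = max(t, bucket.last)              # cannot overtake the packet ahead
        bucket.refill(now)
        if bucket.tokens < bits:
            now += (bits - bucket.tokens) / bucket.rate   # wait for missing tokens
            bucket.tokens, bucket.last = bits, now
        bucket.tokens -= bits
        departures.append(now)
    return departures


# Constructed input: 8000 bps mean rate, 8000-bit burst (1 s interval), and
# four 4000-bit packets arriving together at t=0 plus one more at t=1.
ARRIVALS = [(0.0, 4000), (0.0, 4000), (0.0, 4000), (0.0, 4000), (1.0, 4000)]

if __name__ == "__main__":
    print(police(ARRIVALS, 8000, 8000))   # actions per packet
    print(shape(ARRIVALS, 8000, 8000))    # departure time per packet
```

The policer passes the burst up to the bucket depth and discards the rest at once, while the shaper sends every packet but spreads the excess out at the mean rate.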

Policing with CAR::

     Ø  CAR embodies a rate-limiting feature for policing traffic, in addition to its classification feature.
     Ø  The rate-limiting feature of CAR manages the access bandwidth policy for a network by ensuring that traffic falling within specified rate parameters is sent, while dropping packets that exceed the acceptable amount of traffic or sending them with a different priority.

The Rate-limiting function of CAR does the following:

·         Allows you to control the maximum rate of traffic sent or received on an interface.
·         Lets you define Layer 3 aggregate or granular incoming and outgoing bandwidth rate limits.
·         Lets you specify traffic handling policies when the traffic either conforms to or exceeds the specified rate limits.
-          Aggregate bandwidth rate limits match all of the packets on an interface or sub-interface.
-          Granular bandwidth rate limits match a particular type of traffic based on precedence, MAC address, or other parameters.

How CAR works::

    Ø  CAR examines traffic received on an interface, or a subset of that traffic selected by access-list criteria.
    Ø  It then compares the rate of the traffic to a configured token bucket and takes action based on the result.
    Ø  CAR will drop the packet or rewrite the IP precedence by resetting the type of service (ToS) bits.
    Ø  We can configure CAR to send, drop, or set precedence.

CAR rate limiting is explained in the following sections:

     1)      Matching Criteria
     2)      Rate Limits
     3)      Conform and Exceed Actions
     4)      Multiple Rate Policies


     1)      Matching Criteria:
       Ø  Traffic matching entails identification of traffic of interest for rate limiting, precedence setting, or both.
       Ø  Rate policies can be associated with one of the following qualities:
-          Incoming interface
-          IP precedence (defined by a rate-limit access-list)
-          MAC address (defined by a rate-limit access-list)
-          MPLS experimental (EXP) value (defined by a rate-limit access-list)
-          IP access-list (standard and extended)
       Ø  CAR provides configurable actions, such as send, drop, or set precedence, when traffic conforms to or exceeds the rate limit.

     2)      Rate Limits:

      Ø  CAR propagates bursts. It does no smoothing or shaping of traffic.
      Ø  CAR rate limits may be implemented on either an input or an output interface or sub-interface, including Frame Relay and ATM sub-interfaces.

What Rate Limits Define:

Rate limits define which packets conform to or exceed the defined rate based on the following three parameters:

·         Average Rate: The average rate determines the long-term average transmission rate. Traffic that falls under this rate will always conform.
·         Normal Burst Size: The normal burst size determines how large traffic bursts can be before some traffic exceeds the rate limit.
·         Excess Burst Size: The excess burst (Be) size determines how large traffic bursts can be before all traffic exceeds the rate limit.

      Ø  The maximum number of tokens that a bucket can contain is determined by the normal burst size configured for the token bucket.

     3)       Conform and Exceed Actions:
       Ø  CAR utilizes a token bucket, so it can pass temporary bursts that exceed the rate limit as long as tokens are available.
       Ø  Once a packet has been classified as conforming to or exceeding a particular rate limit, the router performs one of the following actions on the packet:
-          Transmit
-          Drop
-          Set precedence and transmit - The IP precedence (ToS) bits in the packet header are rewritten. The packet is then sent. You can use this action to either color (set precedence) or recolor (modify existing packet precedence) the packet.
-          Continue - The packet is evaluated using the next rate policy in a chain of rate limits. If there is not another rate policy in the chain of rate limits.

     4)      Multiple Rate Policy:

       Ø  A single CAR rate policy includes information about the rate limit, conform actions and exceed actions.
       Ø  Each interface can have multiple CAR rate policies corresponding to different types of traffic.
       Ø  When there are multiple rate policies, the router examines each policy in the order entered until the packet matches.
       Ø  If no match is found, the default action is to send.
       Ø  A packet may be compared to multiple different rate policies.
       Ø  Cascading of rate policies allows a series of rate limits to be applied to packets to specify more granular policies.
       Ø  We can configure up to 100 rate policies on a subinterface.
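
How a packet walks an ordered chain of rate policies, as an added Python sketch (not code from the original post or from Cisco). The policies, packets and token counts are constructed; each bucket is reduced to a plain token counter with no refill, as if all packets arrived in the same instant; and a chain that ends on a continue action is treated as send, which is an assumption the page does not state.

```python
def evaluate(packet, policies):
    """Run one packet through an ordered list of rate policies.
    Returns (final action, IP precedence the packet leaves with)."""
    prec = packet["prec"]
    for pol in policies:
        if not pol["match"](packet):
            continue                          # not this policy's traffic
        conforms = pol["tokens"] >= packet["bits"]
        if conforms:
            pol["tokens"] -= packet["bits"]   # only conforming packets spend tokens
        name, _, arg = (pol["conform"] if conforms else pol["exceed"]).partition(" ")
        if name.startswith("set-prec"):
            prec = int(arg)                   # recolor the packet
        if name in ("continue", "set-prec-continue"):
            continue                          # cascade to the next rate policy
        return ("drop" if name == "drop" else "transmit", prec)
    return ("transmit", prec)                 # no match, or chain ran out: send


def sample_policies():
    # Constructed values; "tokens" is the number of bits left in each bucket.
    return [
        {"match": lambda p: p["dport"] == 80, "tokens": 8000,
         "conform": "set-prec-transmit 5", "exceed": "set-prec-continue 0"},
        {"match": lambda p: True, "tokens": 4000,
         "conform": "transmit", "exceed": "drop"},
    ]


def run(packets, policies):
    return [evaluate(p, policies) for p in packets]


# Constructed packets: 4000 bits each, arriving with IP precedence 3.
WEB = {"dport": 80, "bits": 4000, "prec": 3}
DNS = {"dport": 53, "bits": 4000, "prec": 3}

if __name__ == "__main__":
    for result in run([WEB, WEB, WEB, DNS, WEB], sample_policies()):
        print(result)
```

The third web packet exceeds the first policy, is recolored to precedence 0 and is then admitted by the second policy, which leaves no tokens there for the packets that follow.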

Configure CAR and DCAR for all IP traffic:
  
        Ø  To configure CAR (or DCAR on Cisco 7000 series routers with RSP7000 or Cisco 7500 series routers with a VIP2-40 or greater interface processor) for all IP traffic, use the following commands beginning in global configuration mode:

       Ø  STEP 1: Specifies the interface or sub-interface. This command puts the router in interface configuration mode.

Router(config)# interface <interface-type interface-number>

       Ø  Specifies a basic CAR policy for all IP traffic:

Router(config-if)# rate-limit {input | output} <bps> <burst-normal> <burst-max> conform-action <action> exceed-action <action>

Action:

continue - Evaluates the next rate-limit command.
drop - Drops the packet.
set-prec-continue <new-prec> - Sets the IP precedence and evaluates the next rate-limit command.
set-prec-transmit <new-prec> - Sets the IP precedence and sends the packet.
transmit - Sends the packet.

Configuring CAR and DCAR Policies::

      Ø  Specifies the interface or sub-interface. This command puts the router in interface configuration mode.

Router(config)# interface <interface-type interface-number>

      Ø  Specifies the rate policy for each particular class of traffic.

Router(config-if)# rate-limit {input | output} [access-group [rate-limit] <acl-index>] <bps> <burst-normal> <burst-max> conform-action <action> exceed-action <action>


      Ø  (Optional) Specifies a rate-limited access-list

Router(config)# access-list rate-limit <acl-index> {precedence | mac-address | mask prec-mask}

      Ø  (Optional) Specifies a standard or extended access list.

Router(config)# access-list <acl-index> {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [precedence precedence] [tos tos] [log]


Monitoring CAR and DCAR::

Router# show access-lists

Router# show access-lists rate-limit [access-list-number]

Router# show interfaces [interface-type interface-number] rate-limit

By Er.AJAI SINGH on Monday, 21 January 2013