Policing (CAR) and Shaping

Policing and Shaping Overview:

- Cisco IOS QoS offers two kinds of traffic regulation mechanisms: policing and shaping.
- The rate-limiting features of committed access rate (CAR) and the Traffic Policing feature provide the functionality for policing traffic.
- The features of Generic Traffic Shaping (GTS), Class-Based Shaping, Distributed Traffic Shaping (DTS), and Frame Relay Traffic Shaping (FRTS) provide the functionality for shaping traffic.
  - A policer typically drops traffic. The CAR rate-limiting policer will either drop the packet or rewrite its IP precedence.
  - A shaper typically delays excess traffic using a buffer, holding packets and shaping the flow when the data rate of the source is higher than expected.

What Is a Token Bucket?

- A token bucket is a formal definition of a rate of transfer.
- It has 3 components: a burst size (the depth of the token bucket), a mean rate, and a time interval (Tc). The mean rate is generally expressed in bits per second.

  Mean Rate = Burst Size / Time Interval

  - Mean rate: Also called the committed information rate (CIR), it specifies how much data can be sent or forwarded per unit time on average.
  - Burst size: Also called the committed burst (Bc) size (the depth of the token bucket), it specifies in bits (or bytes) per burst how much traffic can be sent within a given unit of time without creating scheduling concerns.
  - Time interval: Also called the measurement interval, it is the time quantum in seconds per burst.
- By definition, the bit rate of the interface will not exceed the mean rate.
- A token bucket is used to manage a device that regulates the data in a flow.
- For example, the regulator might be a traffic policer, such as , or a traffic shaper, such as FRTS or GTS.
- A token bucket itself has no discard or priority policy. Rather, a token bucket discards tokens and leaves to the flow the problem of managing its transmission queue if the flow overdrives the regulator.
- Tokens are put into the bucket at a certain rate. The bucket itself has a specified capacity. If the bucket fills to capacity, newly arriving tokens are discarded.
- If not enough tokens are in the bucket to send a packet, the packet either waits until the bucket has enough tokens (in the case of GTS) or the packet is discarded or marked down (in the case of CAR).
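
The token bucket behaviour described above, as an added example that is not part of the original notes: the same bucket is applied to one constructed burst, once dropping packets that find too few tokens (as CAR does) and once delaying them (as GTS does). The function names, the CIR of 8000 bps and the Bc of 1500 bytes are assumptions made for the illustration, and packets are assumed to be no larger than Bc.

```python
# Added illustration: one token bucket used as a policer and as a shaper.
# All names and sample values are constructed for this example.

CIR_BPS = 8000      # mean rate (CIR) in bits per second = 1000 bytes per second
BC_BYTES = 1500     # burst size (Bc) = depth of the token bucket, in bytes

# Constructed traffic: (arrival time in seconds, packet size in bytes).
SAMPLE = [(0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500), (1.0, 500)]

def refill(tokens, last, now, cir_bps, bc_bytes):
    """Add tokens for the elapsed time; tokens beyond the bucket depth are discarded."""
    return min(bc_bytes, tokens + (now - last) * cir_bps / 8)

def police(packets, cir_bps, bc_bytes):
    """Policer: a packet that finds too few tokens is dropped immediately."""
    tokens, last, out = bc_bytes, 0.0, []
    for arrival, size in packets:
        tokens = refill(tokens, last, arrival, cir_bps, bc_bytes)
        last = arrival
        if size <= tokens:
            tokens -= size
            out.append((arrival, size, "transmit"))
        else:
            out.append((arrival, size, "drop"))
    return out

def shape(packets, cir_bps, bc_bytes):
    """Shaper: a packet that finds too few tokens waits until they have arrived."""
    tokens, last, out = bc_bytes, 0.0, []
    for arrival, size in packets:
        start = max(arrival, last)            # FIFO queue: never overtake a packet
        tokens = refill(tokens, last, start, cir_bps, bc_bytes)
        if size > tokens:                     # delay by the time the deficit needs
            start += (size - tokens) * 8 / cir_bps
            tokens = size
        tokens -= size
        last = start
        out.append((arrival, size, round(start, 3)))   # third field: send time
    return out

if __name__ == "__main__":
    for row in police(SAMPLE, CIR_BPS, BC_BYTES):
        print("police", row)
    for row in shape(SAMPLE, CIR_BPS, BC_BYTES):
        print("shape ", row)
```

The policer passes the burst up to Bc and loses the fourth packet, while the shaper loses nothing but sends that packet half a second late.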

Policing with CAR:

- CAR embodies a rate-limiting feature for policing traffic, in addition to its classification feature.
- The rate-limiting feature of CAR manages the access bandwidth policy for a network by ensuring that traffic falling within specified rate parameters is sent, while dropping packets that exceed the acceptable amount of traffic or sending them with a different priority.

The rate-limiting function of CAR does the following:

- Allows you to control the maximum rate of traffic sent or received on an interface.
- Defines L3 aggregate or granular incoming and outgoing bandwidth rate limits.
- Specifies traffic handling policies when the traffic either conforms to or exceeds the specified rate limits.
  - Aggregate bandwidth rate limits match all of the packets on an interface or sub-interface.
  - Granular bandwidth rate limits match a particular type of traffic based on precedence, MAC address, or other parameters.

How CAR Works:

- CAR examines traffic received on an interface or a subset of that traffic selected by access-list criteria.
- It then compares the rate of the traffic to a configured token bucket and takes action based on the result.
- CAR will drop the packet or rewrite the IP precedence by resetting the type of service (ToS) bits.
- We can configure CAR to send, drop, or set precedence.

CAR rate limiting is explained in the following sections:

1) Matching Criteria
2) Rate Limits
3) Conform and Exceed Actions
4) Multiple Rate Policies

1) Matching Criteria:

- Traffic matching entails identification of traffic of interest for rate limiting, precedence setting, or both.
- Rate policies can be associated with one of the following qualities:
  - Incoming interface
  - IP precedence (defined by a rate-limit access list)
  - MAC address (defined by a rate-limit access list)
  - MPLS experimental (EXP) value (defined by a rate-limit access list)
  - IP access list (standard and extended)
- CAR provides configurable actions, such as send, drop, or set precedence, when traffic conforms to or exceeds the rate limit.

2) Rate Limits:

- CAR propagates bursts. It does no smoothing or shaping of traffic.
- CAR rate limits may be implemented on either an input or output interface or sub-interface, including Frame Relay and ATM sub-interfaces.

What Rate Limits Define:

Rate limits define which packets conform to or exceed the defined rate based on the following three parameters:

- Average rate: The average rate determines the long-term average transmission rate. Traffic that falls under this rate will always conform.
- Normal burst size: The normal burst size determines how large traffic bursts can be before some traffic exceeds the rate limit.
- Excess burst size: The excess burst (Be) size determines how large traffic bursts can be before all traffic exceeds the rate limit.

The maximum number of tokens that a bucket can contain is determined by the normal burst size configured for the token bucket.

3) Conform and Exceed Actions:

- CAR utilizes a token bucket, thus CAR can pass temporary bursts that exceed the rate limit as long as tokens are available.
- Once a packet has been classified as conforming to or exceeding a particular rate limit, the router performs one of the following actions on the packet:
  - Transmit
  - Drop
  - Set precedence and transmit - The IP precedence (ToS) bits in the packet header are rewritten. The packet is then sent. You can use this action to either color (set precedence) or recolor (modify existing packet precedence) the packet.
  - Continue - The packet is evaluated using the next rate policy in a chain of rate limits. If there is not another rate policy in the chain of rate limits.

4) Multiple Rate Policies:

- A single CAR rate policy includes information about the rate limit, conform actions, and exceed actions.
- Each interface can have multiple CAR rate policies corresponding to different types of traffic.
- When there are multiple rate policies, the router examines each policy in the order entered until the packet matches.
- If no match is found, the default action is to send.
- A packet may be compared to multiple different rate policies.
- Cascading of rate policies allows a series of rate limits to be applied to packets to specify more granular policies.
- We can configure up to 100 rate policies on a subinterface.
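
The ordered evaluation and the continue action described in sections 3 and 4, as an added example that is not part of the original notes: a granular policy for web traffic is chained in front of an aggregate policy, and a constructed burst is run through both. The policy values, the `web` flag standing in for an access list, and the simplification that no tokens are refilled during the burst are assumptions of this model, not Cisco's implementation.

```python
# Added illustration (not from the original notes): cascaded rate policies.
# Simplification: the whole burst arrives at one instant, so no tokens are
# refilled between packets; "web" is a hypothetical stand-in for an access list.

def make_policies():
    return [
        # Granular policy, entered first: web traffic only.
        {"match": lambda p: p["web"], "tokens": 1000,
         "conform": ("set-prec-transmit", 5), "exceed": ("set-prec-continue", 0)},
        # Aggregate policy: every packet on the interface.
        {"match": lambda p: True, "tokens": 1500,
         "conform": ("transmit", None), "exceed": ("drop", None)},
    ]

def evaluate(packet, policies):
    """Walk the policies in the order entered; return (result, ip_precedence)."""
    prec = packet["prec"]
    for pol in policies:
        if not pol["match"](packet):
            continue                          # policy does not apply to this packet
        if packet["size"] <= pol["tokens"]:
            pol["tokens"] -= packet["size"]   # conforming traffic spends tokens
            verb, new_prec = pol["conform"]
        else:
            verb, new_prec = pol["exceed"]
        if new_prec is not None:
            prec = new_prec                   # set-prec-*: rewrite the IP precedence
        if verb == "drop":
            return "drop", prec
        if verb in ("transmit", "set-prec-transmit"):
            return "transmit", prec
        # continue / set-prec-continue: evaluate the next rate policy
    return "transmit", prec                   # no further match: default is to send

# Constructed burst: sizes in bytes, original IP precedence 3 on every packet.
SAMPLE_BURST = [
    {"web": True,  "size": 600, "prec": 3},
    {"web": True,  "size": 600, "prec": 3},
    {"web": False, "size": 900, "prec": 3},
    {"web": True,  "size": 600, "prec": 3},
    {"web": False, "size": 500, "prec": 3},
]

if __name__ == "__main__":
    policies = make_policies()
    for pkt in SAMPLE_BURST:
        print(pkt, "->", evaluate(pkt, policies))
```

The second web packet exceeds the granular policy, is recolored to precedence 0 and still passes the aggregate policy; once the aggregate bucket is empty, the remaining packets are dropped.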

Configure CAR and DCAR for all IP traffic:

To configure CAR (or DCAR on Cisco 7000 series routers with RSP7000 or Cisco 7500 series routers with a VIP2-40 or greater interface processor) for all IP traffic, use the following commands beginning in global configuration mode:

- Step 1: Specifies the interface or sub-interface. This command puts the router in interface configuration mode.

    Router(config)# interface <interface-type> <interface-number>

- Step 2: Specifies a basic CAR policy for all IP traffic.

    Router(config-if)# rate-limit {input | output} <bps> <burst-normal> <burst-max> conform-action <action> exceed-action <action>

Action:

- continue - Evaluates the next rate-limit command.
- drop - Drops the packet.
- set-prec-continue <new-prec> - Sets the IP precedence and evaluates the next rate-limit command.
- set-prec-transmit <new-prec> - Sets the IP precedence and sends the packet.
- transmit - Sends the packet.

Configuring CAR and DCAR Policies:

- Specifies the interface or sub-interface. This command puts the router in interface configuration mode.

    Router(config)# interface <interface-type> <interface-number>

- Specifies the rate policy for each particular class of traffic.

    Router(config-if)# rate-limit {input | output} [access-group [rate-limit] <acl-index>] <bps> <burst-normal> <burst-max> conform-action <action> exceed-action <action>

- (Optional) Specifies a rate-limit access list.

    Router(config)# access-list rate-limit <acl-index> {precedence | mac-address | mask prec-mask}

- (Optional) Specifies a standard or extended access list.

    Router(config)# access-list <acl-index> {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [precedence precedence] [tos tos] [log]

Monitoring CAR and DCAR:

    # show access-list
    # show access-lists rate-limit [access-list-number]
    # show interface [interface-type interface-number] rate-limit