Policing and Shaping 357
Figure 9-2 Class-Based Policer
The rate is measured in bits per second, and the optional burst parameters are measured in
bytes. Five options are available for the conform-action; drop, transmit, set-dscp-
transmit, set-prec-transmit, and set-qos-transmit. These same options are available for
the exceed-action and violate-action as well. All packets conforming to the configured
committed information rate are forwarded based on the forward action. When a packet is
forwarded, the number of tokens equal to the size of the packet is removed from the Bc
bucket. If a packet exceeds the committed information rate, meaning, there are not enough
tokens in the Bc bucket to service the entire packet, the exceed-action is enforced. When a
packet is forwarded based on the exceed-action, the appropriate amount of tokens are
depleted from the Be bucket. Finally, if a packet exceeds the configured rate and there are
not enough tokens available in the Be bucket to accommodate the entire packet, the packet
violates the configured contract. As a result, the violate-action is enforced. This may result
in marking down the packet’s DSCP value or just dropping the violating packet. You can
also configure the class-based policer to emulate a single-bucket CAR implementation. By
only configuring the conform-action and exceed-action, the class-based policer will behave
based on a single-bucket policing mechanism. If the violate-action is not specified in the
configuration, the Be bucket is not configured, and therefore not used. Also specifying the
drop keyword as the preferred action at any point results in all subsequent actions being
configured to drop. Example 9-11 shows a class-based policer configuration and how to
verify the behavior.
CIR CIR
EBSCBS
No No
B<TeB<Tc
Ye s Ye s
Packet of size B
Violate
Action
Action
Exceed
Action
Conform
358 Chapter 9: QoS Support on the Catalyst 6500 MSFC and FlexWAN
Example 9-11 Configuring and Verifying Distributed Class-Based Policing
MSFC(config)#class-map match-any Non-essential
MSFC(config-cmap)#match protocol http
MSFC(config-cmap)#match protocol fasttrack
MSFC(config)#class-map match-any Low-Priority
MSFC(config-cmap)#match protocol smtp
MSFC(config-cmap)#match protocol secure-http
MSFC(config)#class-map match-any Business-essential
MSFC(config-cmap)#match protocol sqlnet
MSFC(config-cmap)#match protocol sqlserver
MSFC(config)#class-map match-any Video-preso
MSFC(config-cmap)#match protocol netshow
MSFC(config-cmap)#exit
MSFC(config)#policy-map CB-Policing
MSFC(config-pmap)#class Non-essential
MSFC(config-pmap-c)#police 344000 65625 65625 conform-action set-dscp-transmit 0
exceed-action
dd
dd
rr
rr
oo
oo
pp
pp
MSFC(config-pmap-c)#exit
MSFC(config-pmap)#class Low-Priority
MSFC(config-pmap-c)#police 400000 75000 75000 conform-action set-dscp-transmit 6
exceed-action
ss
ss
ee
ee
tt
tt
--
--
dd
dd
ss
ss
cc
cc
pp
pp
--
--
tt
tt
rr
rr
aa
aa
nn
nn
ss
ss
mm
mm
ii
ii
tt
tt
00
00
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ee
ee
--
--
aa
aa
cc
cc
tt
tt
ii
ii
oo
oo
nn
nn
dd
dd
rr
rr
oo
oo
pp
pp
MSFC(config-pmap-c)#exit
MSFC(config-pmap)#class Business-essential
MSFC(config-pmap-c)#police 400000 75000 75000 conform-action set-dscp-transmit 16
exceed-action
ss
ss
ee
ee
tt
tt
--
--
dd
dd
ss
ss
cc
cc
pp
pp
--
--
tt
tt
rr
rr
aa
aa
nn
nn
ss
ss
mm
mm
ii
ii
tt
tt
88
88
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ee
ee
--
--
aa
aa
cc
cc
tt
tt
ii
ii
oo
oo
nn
nn
dd
dd
rr
rr
oo
oo
pp
pp
MSFC(config-pmap-c)#exit
MSFC(config-pmap)#class Video-preso
MSFC(config-pmap-c)#police 1000000 187500 187500 conform-action set-dscp-transmit
26
ee
ee
xx
xx
cc
cc
ee
ee
ee
ee
dd
dd
--
--
aa
aa
cc
cc
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
ee
ee
tt
tt
--
--
dd
dd
ss
ss
cc
cc
pp
pp
--
--
tt
tt
rr
rr
aa
aa
nn
nn
ss
ss
mm
mm
ii
ii
tt
tt
11
11
88
88
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ee
ee
--
--
aa
aa
cc
cc
tt
tt
ii
ii
oo
oo
nn
nn
dd
dd
rr
rr
oo
oo
pp
pp
MSFC(config-pmap-c)#exit
MSFC(config-pmap)#exit
MSFC(config)#interface serial 3/0/0
MSFC(config-if)#service-policy input CB-Policing
MSFC(config-if)#end
MSFC#show policy-map interface serial 3/0/0
Serial3/0/0
service-policy input: CB-Policing
class-map: Non-essential (match-any)
475684 packets, 147459900 bytes
30 second offered rate 1230000 bps, drop rate 650000 bps
match: protocol http
285389 packets, 99886150 bytes
30 second rate 833000 bps
match: protocol fasttrack
190295 packets, 47573750 bytes
30 second rate 395000 bps
police:
344000 bps, 65625 limit, 65625 extended limit
conformed 151166 packets, 41049400 bytes; action: set-dscp-transmit 0
Policing and Shaping 359
exceeded 405 packets, 130850 bytes; action: drop
violated 324112 packets, 106279300 bytes; action: drop
conformed 341000 bps, exceed 0 bps violate 887000 bps
class-map: Low-Priority (match-any)
394109 packets, 132133750 bytes
30 second offered rate 707000 bps, drop rate 226000 bps
match: protocol smtp
95140 packets, 14271000 bytes
30 second rate 117000 bps
match: protocol secure-http
298969 packets, 117862750 bytes
30 second rate 587000 bps
police:
400000 bps, 75000 limit, 75000 extended limit
conformed 178233 packets, 48220925 bytes; action: set-dscp-transmit 6
exceeded 439 packets, 149825 bytes; action: set-dscp-transmit 0
violated 218631 packets, 84629025 bytes; action: drop
conformed 396000 bps, exceed 0 bps violate 309000 bps
class-map: Business-essential (match-any)
332979 packets, 57081025 bytes
30 second offered rate 475000 bps, drop rate 54000 bps
match: protocol sqlnet
190265 packets, 42809625 bytes
30 second rate 356000 bps
match: protocol sqlserver
142714 packets, 14271400 bytes
30 second rate 117000 bps
police:
400000 bps, 75000 limit, 75000 extended limit
conformed 281382 packets, 48220450 bytes; action: set-dscp-transmit 16
exceeded 802 packets, 149950 bytes; action: set-dscp-transmit 8
violated 54235 packets, 9300375 bytes; action: drop
conformed 396000 bps, exceed 0 bps violate 76000 bps
class-map: Video-preso (match-any)
316766 packets, 110868100 bytes
30 second offered rate 1107000 bps, drop rate 79000 bps
match: protocol netshow
316766 packets, 110868100 bytes
30 second rate 1107000 bps
police:
1000000 bps, 187500 limit, 187500 extended limit
conformed 316429 packets, 110750150 bytes; action: set-dscp-transmit 26
exceeded 535 packets, 187250 bytes; action: set-dscp-transmit 18
violated 3734 packets, 1306900 bytes; action: drop
conformed 992000 bps, exceed 0 bps violate 112000 bps
class-map: class-default (match-any)
95643 packets, 19061418 bytes
30 second offered rate 157000 bps, drop rate 0 bps
match: any
95643 packets, 19061418 bytes
30 second rate 157000 bps
Example 9-11 Configuring and Verifying Distributed Class-Based Policing (Continued)
360 Chapter 9: QoS Support on the Catalyst 6500 MSFC and FlexWAN
Distributed Traffic Shaping
Traffic shaping is a mechanism that regulates the amount of traffic leaving a particular interface.
Contrary to the policer, the traffic-shaping mechanism allocates buffers to accommodate traffic
exceeding the committed information rate. Buffering allows the traffic shaper to tolerate short
bursts in traffic, which are regulated and subsequently transmitted at the committed rate.
Shaping is commonly found in Frame Relay environments, or on interfaces peering to a service
provider. Due to potential speed mismatches within a Frame Relay cloud, traffic shaping is
implemented to ensure downstream interfaces are not overwhelmed with traffic. Traffic shaping
prevents bottlenecks and congestion from occurring within the network. In the case of service
providers, they provide their customers with specific service-level contracts. Frequently, service
providers strictly enforce these contracts by policing traffic transmitted toward the provider
cloud. Shaping can be applied in this instance to ensure network traffic conforms to the
provider’s policies. This enables the end user to deterministically prioritize their traffic and
ensure mission-critical applications are not left to the discretion of the provider. The FlexWAN
module supports distributed traffic shaping (DTS). DTS is configured using the MQC and
applied under the policy map class using the following command:
shape {average | peak} {
rate
} [
normal burst
] [
excess burst
]
Rate is expressed in bits per second and represents the average transmission rate for egress
traffic. Normal burst (Bc) and excess burst (Be) are expressed in bits and represent the number
of bits transmitted per time interval (Bc/rate). When the average keyword is specified, a total of
Bc is transmitted per time interval. If the peak keyword is specified, (Bc + Be) is transmitted per
time interval. When establishing burst values, increasing Bc increases the time between trans-
missions. This negatively impacts latency for time-sensitive applications if the shaping
mechanism is applied to the physical interface. When configuring shaping using the MQC, if
voice traffic is present, it is normally assigned to the LLQ. When assigned to the strict-priority
LLQ, voice traffic present in the queue is immediately serviced ahead of other traffic. Therefore,
voice streams are not affected by shaping imposed on the other configured queues. If shaping is
applied to a physical interface, however, Bc and its effect on network traffic must be carefully
considered, particularly if voice traffic traverses the same interface.
In addition to the previous shape command, DTS provides mechanisms specific to Frame
Relay environments. When congestion is experienced within a Frame Relay cloud,
switches within the cloud send congestion notifications—forward-explicit congestion
notifications (FECNs) and backward-explicit congestion notifications (BECNs)—to the
end devices. These congestion notifications inform the devices along the transmission path
that congestion has occurred and transmission rates should be throttled. The first command
listed instructs the receiving interface to send BECNs back to the transmitting device once
a FECN is received from the network. The second command specifies what transmission
rate the interface should adjust to in the event congestion is detected. Both commands are
configured using the MQC and applied under the policy map class:
ss
ss
hh
hh
aa
aa
pp
pp
ee
ee
ff
ff
ee
ee
cc
cc
nn
nn
--
--
aa
aa
dd
dd
aa
aa
pp
pp
tt
tt
shape adaptive {
rate
}
Policing and Shaping 361
NOTE Frame Relay operation is beyond the scope of this book. For more information regarding
Frame Relay, refer to the Frame Relay technology overview document at Cisco.com.
The following example demonstrates how to configure DTS on the FlexWAN module. In
this example, all traffic on serial 3/0/2 is shaped down to 2.4 Mbps. This example shows the
upstream transmitting and downstream receiving interfaces and the shaping mechanism
operation. Figure 9-3 depicts how these devices are connected.
Figure 9-3 Distributed Traffic Shaping
Example 9-12 Configuring and Verifying Distributed Traffic Shaping
MSFC#configure terminal
MSFC(config)#access-list 150 permit ip any any
MSFC(config)#class-map All-traffic
MSFC(config-cmap)#match access-group 150
MSFC(config-cmap)#policy-map Shape-Interface
MSFC(config-pmap)#class All-traffic
MSFC(config-pmap-c)#shape average 24000000
MSFC(config)#interface serial 3/0/2
MSFC(config-if)#service-policy output Shape-Interface
MSFC(config-if)#end
Transmitting#show interfaces serial2/0
Serial2/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.50.2/30
MTU 1500 bytes, BW 4000 Kbit, DLY 20000 usec,
reliability 255/255, txload 255/255, rxload 26/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
serial 3/0/0
Traffic is shaped to 2.4 Mbps to
conform to policy on downstream
receiving interface
serial 3/0/2
Traffic
Flow
TransmitterReceiver
2.4 Mbps
serial 1/0
4 Mbps
serial 2/0
Service-policy output
Shape-Interface
continues
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset