Copyright © 2000, Cisco Systems, Inc.
Wide Area Networks
Section I
Policy / Shaping
Objectives
Upon completion of this module section, you will be able to
perform the following tasks:
• Describe the difference between policing and shaping
and how each one relates to QoS
• Describe committed access rate (CAR), when to apply
CAR, how to configure CAR
• Describe Modular Quality of Service Command Line
Interface (MQC) policing and how to configure it
• Identify the three types of traffic shaping, their
differences, and how to apply each
The purpose of the lesson is to quickly survey the new policing and traffic shaping
features in Cisco IOS Release 12.1, and to describe the problems they solve.
to the top left site?
In this section, some of the QoS techniques that help resolve issues such as
these are examined.
Policing and Shaping
[Slide figure labels: Internet, Network Management. Callout: policing and traffic shaping occur within the network to provide congestion management and control bursts.]
In this module section, policing and traffic shaping are discussed. Both of these
traffic engineering methods occur within the network as indicated by the heavy
ellipse in the slide. They use the already marked Type of Service (ToS) or
Differentiated Services Code Point (DSCP) bits discussed in the previous module.
With policing, the rate at which traffic can flow is capped. This is usually done
inbound to control how fast someone sends data.
With shaping, bursts are smoothed out for a steadier flow of data. Reduced burstiness
helps reduce congestion in a network core.
Policing
queue for the same sort of purpose.
Traffic Policing Versus Shaping
[Figure: plots of traffic against time with the traffic rate marked, comparing policing and shaping]
Policer
• Causes TCP resends
• Oscillation of TCP windows
• Policer can be marker also (CAR)
• Policer on input interface only
Shaper
• Can adapt to network congestion (FR BECN, FECN)
Policing
• MQC
Traffic shaping
Committed Access Rate (CAR)
CAR performs three functions:
• Packet classification
• Packet marking—IP Precedence
and QoS group setting
• Manage access bandwidth through rate
limiting (policing)
CAR's rate-limiting feature manages a network's access bandwidth policy by ensuring
that traffic falling within specified rate parameters is sent, while dropping packets that
exceed the acceptable amount of traffic or sending them with a different priority. CAR's
exceed action is to drop packets.
The rate-limiting function of CAR does the following:
• Allows control of the maximum rate of traffic transmitted or received on an
interface.
• Gives the ability to define Layer 3 aggregate or granular incoming or outgoing
(ingress or egress) bandwidth rate limits and to specify traffic-handling policies
when the traffic either conforms to or exceeds the specified rate limits.
• Uses aggregate bandwidth rate limits to match all of the packets on an interface or
sub-interface.
• Uses granular bandwidth rate limits to match a particular type of traffic based on
precedence, MAC address, or other parameters.
CAR is often configured on interfaces at the edge of a network to limit traffic into or
out of the network.
Once a packet has been measured as conforming to or exceeding a particular rate
limit, the router performs one of the following actions on the packet:
• Transmit—The packet is sent.
• Drop—The packet is discarded.
• Set precedence (or perhaps DSCP bits) and transmit—The IP Precedence
(ToS) bits in the packet header are rewritten. The packet is then sent. Use this
action to either color (set precedence) or recolor (modify existing packet
precedence) the packet.
• Continue—The packet is evaluated using the next rate policy in a chain of rate
limits. If there is not another rate policy, the packet is sent.
[Figure: CAR applied at the network edge (labels: Application Hosting, Backbone, San Jose)]
1) Packet marking through IP Precedence and QoS group settings, based on ACL or inbound interface
2) Apply rate limiting to matching traffic pattern, for example, 25Kbps of traffic to “Bronze”
3) Invoke QoS policy action based on edge classification, for example, drop low priority via WRED if burst limit exceeded
CAR Action Policies
Configurable actions:
• Transmit
• Drop
• Continue (go to the next
rate-limit or police statement in the list)
• Set precedence and transmit (rewrite the IP
Precedence bits and transmit)
• Set precedence and continue (rewrite the IP
Precedence bits and go to the next
rate-limit or police statement in the list)
In Release 11.1 CC the CAR rate limit list is not bounded as to length.
Each CAR rate limit statement is checked sequentially for a match. When a match
is found the token bucket, if there is one, is evaluated.
If the action is a “continue” action, the policer will go to the next rate-limit on the
list to find a subsequent match. If a match is found, the traffic is subjected to the
next applicable rate-limit.
If the end of the rate-limit list is reached without finding a match or “continue”
action, the default behavior is to transmit.
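The sequential evaluation described above, as an added Python sketch (not Cisco code and not part of the original module). The `Packet` and `RateLimit` types, the classifier and the traffic are constructed for illustration, and each bucket is a plain bit counter with no refill, so the run covers a single measurement interval.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass
class Packet:
    src: str
    bits: int
    precedence: int = 0

@dataclass
class RateLimit:                       # one statement in the rate-limit list
    match: Callable[[Packet], bool]    # stand-in for the ACL / precedence match
    tokens: Optional[int]              # bits left in the bucket; None = no bucket
    conform: Tuple[str, Optional[int]] # (action, precedence to set or None)
    exceed: Tuple[str, Optional[int]]

def evaluate(pkt, rate_limits):
    """Check each statement in order; return 'transmit' or 'drop'."""
    for rl in rate_limits:
        if not rl.match(pkt):
            continue                   # no match: try the next statement
        if rl.tokens is None or rl.tokens >= pkt.bits:
            if rl.tokens is not None:
                rl.tokens -= pkt.bits  # conforming packets consume tokens
            action, prec = rl.conform
        else:
            action, prec = rl.exceed
        if prec is not None:
            pkt.precedence = prec      # color or recolor the packet
        if action != "continue":
            return action              # transmit or drop ends the walk
    return "transmit"                  # end of list: default is to transmit

def run_demo():
    inside = lambda p: p.src.startswith("10.")      # constructed classifier
    chain = [
        RateLimit(inside, 8000, ("transmit", 5), ("continue", 0)),
        RateLimit(inside, 4000, ("transmit", None), ("drop", None)),
    ]
    # Constructed traffic: four 4000-bit packets from 10.0.0.1, one from elsewhere.
    pkts = [Packet("10.0.0.1", 4000) for _ in range(4)] + [Packet("192.0.2.9", 4000, 3)]
    return [(evaluate(p, chain), p.precedence) for p in pkts]

if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The third packet exceeds the first statement, is recolored to precedence 0 and continues to the second statement, which still has tokens; the fourth exceeds both and is dropped; the unmatched packet falls off the end of the list and is transmitted unchanged.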
MQC Policing Actions
The available actions are different than
with CAR:
• transmit
Additional Policy Map Policing and Shaping Options
Policing policy-map options:
• police bps conform action exceed action
• set ip precedence number
• set qos-group number
Distributed Traffic Shaping (DTS)
policy-map options:
• shape [average | peak] meanrate [burst-size
[excess-burst-size]]
• shape fecn-adapt
• shape adaptive
ATM CLP policy-map options:
• set atm-clp
The commands shown are some of the other options to use in the MQC policy
map. They are listed here so all options can be referenced back to this location in
the module section.
DTS commands will be covered in more detail later in this module. To turn on
DTS, enter any of the shape commands.
Additional Policy Map Queuing Options
Why Traffic Shaping?
• LAN traffic tends to be bursty and bursty traffic is the root of all evil…
• Shaping is highly beneficial if downstream device is policing
–Avoids the “instantaneous congestion”
–Spaces the traffic to conform to traffic contract
• Packet bursts are queued instead of being dropped, quickly training TCP sources to send at the desired rate
• Resulting packet stream is “smoothed” and net throughput for bursty traffic is higher
The slide lists some of the reasons for Traffic Shaping.
Token Bucket
• Bc token-bits are added every Tc
• The packets are sent at access speed as long as there are enough token bits
• Bc + Be is the maximum number of token bits that can be stored
Relay.
Token Bucket with Class-Based
Weighted Fair Queuing
Initialization:
• Token bucket = Bc+Be
At each Tc:
• Token bucket = min (token bucket + Bc, Bc+Be)
In operation:
• While (token bucket is not empty):
–De-queue traffic from Weighted Fair Queuing
(WFQ) or traffic arrives (if WFQ empty)
–If token bucket is not empty:
• Token bucket = token bucket less message size
• Forward the traffic
–Else: fair queue the traffic
A token bucket is a formal definition of a rate of transfer. It has three components:
a burst size, a mean rate, and a time interval (Tc). Although the mean rate is
generally represented as bits per second, any one of the three values can be derived
from the other two:
• Mean rate—Also called the committed information rate (CIR), it specifies how
much data can be sent or forwarded per unit time on average.
• Burst size—Also called the Committed Burst (Bc) size, it specifies in bits per
burst how much can be sent within a given unit of time to prevent scheduling
concerns.
• Time interval—Also called the measurement interval, it specifies the time
quantum in seconds per burst.
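The token bucket rules from the slide (start at Bc + Be, add Bc at each Tc, cap at Bc + Be), as an added Python simulation that is not part of the original module. It assumes a packet is forwarded only when the bucket holds at least its size, uses a plain FIFO in place of WFQ, and runs on constructed traffic; the `police` mode drops what the `shape` mode queues.

```python
from collections import deque

def run_bucket(arrivals, bc, be, mode):
    """Simulate one token bucket over len(arrivals) intervals of length Tc.

    arrivals[i] lists the packet sizes (bits) that arrive in interval i.
    mode 'police' drops packets that find too few tokens; 'shape' queues them.
    Returns (bits sent per interval, packets dropped, packets still queued).
    """
    bucket = bc + be                       # initialization: bucket = Bc + Be
    queue, sent, dropped = deque(), [], 0
    for i, pkts in enumerate(arrivals):
        if i > 0:
            bucket = min(bucket + bc, bc + be)   # at each Tc, add Bc, cap at Bc + Be
        sent_now = 0
        if mode == "shape":
            queue.extend(pkts)             # bursts wait in the queue
            while queue and queue[0] <= bucket:
                size = queue.popleft()
                bucket -= size
                sent_now += size
        else:
            for size in pkts:
                if size <= bucket:
                    bucket -= size
                    sent_now += size
                else:
                    dropped += 1           # policer: exceed action is drop
        sent.append(sent_now)
    return sent, dropped, len(queue)

# Constructed input: Bc = Be = 8000 bits, Tc = 0.125 s (mean rate 64000 bps).
BC, BE, TC = 8000, 8000, 0.125
# Six 4000-bit packets burst in interval 0, three idle intervals, then one packet.
BURST = [[4000] * 6, [], [], [], [4000]]

if __name__ == "__main__":
    print("mean rate (bps):", BC / TC)
    for mode in ("police", "shape"):
        print(mode, run_bucket(BURST, BC, BE, mode))
```

Both modes let the first Bc + Be bits through at once; the policer then discards the rest of the burst, while the shaper releases it one Bc per interval.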
Traffic shaping allows the control of traffic going out an interface in order to match its flow to
the speed of the remote, target interface and to ensure that the traffic conforms to policies
contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet
downstream requirements, thereby eliminating bottlenecks in topologies with
data-rate mismatches.
The primary reasons traffic shaping should be used are to control access to available
bandwidth, to ensure that traffic conforms to the policies established for it, and to regulate the
flow of traffic in order to avoid congestion that can occur when the sent traffic exceeds the
access speed of its remote, target interface.
Traffic shaping limits the rate of transmission of data. The data transfer can be limited to one of the
following:
• A specific configured rate
• A derived rate based on the level of congestion
Generic Traffic Shaping (GTS) shapes traffic by reducing outbound traffic flow to avoid
congestion by constraining traffic to a particular bit rate using the token bucket mechanism.
GTS applies on a per-interface basis and can use access lists to select the traffic to shape. It
works with a variety of Layer 2 technologies, including Frame Relay, ATM, Switched
Multimegabit Data Service (SMDS), and Ethernet.
On a Frame Relay subinterface, GTS can be set up to adapt dynamically to available
bandwidth by integrating Backward Explicit Congestion Notification (BECN) signals, or set
up simply to shape to a pre-specified rate. GTS can also be configured on an ATM AIP model
interface to respond to Resource Reservation Protocol (RSVP) signaled over statically
configured ATM permanent virtual circuits (PVCs).
Generic Traffic Shaping
Applies to:
Enforces a maximum transmit rate
Temporarily reduces transmit rate when signaled by Frame Relay (FR)
Backward Explicit Congestion Notification (BECN) bits set in incoming
frames
Shapes up to 200 FR Virtual Channels (VCs) at OC-3 rates with average
size packets on a VIP2-50
Released in 12.0(4)XE, 12.0(7)S
Distributed Traffic Shaping (DTS) benefits:
• Offloads traffic shaping from the route switch processor (RSP) to the Versatile
Interface Processor (VIP).
• Supports up to 200 shape queues per VIP, supporting up to OC-3 rates when the
average packet size is 250 bytes or greater and when using a VIP2-50 or better with 8
MB of SRAM. Line rates below T3 are supported with a
VIP2-40.
The limitations are:
• Only IP traffic can be shaped
• dCEF must be enabled
• FastEtherChannel, Tunnel, VLAN and ISDN / Dialer interfaces are not supported
For additional information see:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/120xe5/dts.htm
Frame-Relay Traffic Shaping
• Rate enforcement on a per-VC basis
–Peak rate for outbound traffic can be set to
match CIR or another value