Monday 5 June 2017

QoS: Traffic Policing vs Traffic Shaping

This article will focus on understanding how QoS techniques such as traffic policing and shaping are performed (and contrasted) and how values such as burst rates can be calculated.

One of the fundamental differences between the two is that policing involves dropping traffic when the bucket is full - while shaping put excess traffic into a queue  for submission and is gradually released resulting in a smoother flow of traffic.

This can be illustrated below (credit to Cisco for this diagram):

It is also worth noting that traffic shaping only works on outbound traffic (traffic leaving the device) - while policing will work on both ingress (traffic coming to the device) and egress traffic.

Key Terms / Formulas

I'll firstly go over some of the key terms:

Committed Information Rate (CIR) = 10000000 (10Mbps)
Burst Commit Bucket (Bc) = CIR * 0.125s = 1875000
Time Interval (Tc) = Bc / CIR = 0.125s

In this case the bucket will be emptied after 0.125s - which for some purposes might be perfectly fine - however if you are supporting a large file server you'd want the TC to be much higher - the burst rate and Tc will depend greatly on your network type and quite often you will have to tweak it for best performance. The formular for burst rate is above is the default one provided by Cisco in their documentation.

Traffic Policing Example (Egress)

Presuming the port speed is 100mb - the following configuration would limit egress traffic to 20mb:

int fa0/1-48
srr-queue bandwidth limit 80

Traffic Policing Example (Ingress)

We have to create a service policy for ingress policing:

mls qos

class-map match-all rate-limit
  description Bandwidth Control
 match ip dscp default

policy-map GeneralTraffic
 class rate-limit
  police 10000000 192000 exceed-action drop

int range fa01-48
service-policy input GeneralTraffic

Traffic Shaping Example (Egress)



Post a Comment