Shaping+and+Policing

Shaping works by settings a static //**time interval (Tc)**//. It then calculates the number of bits that can be sent in a Tc so that over time the toc speed matches the shaping rate.

The number of bits that can be sent in each Tc is called the committed burst (Bc).

Be bits are sent in one or more Tc intervals.

Formula for Tc: Tc = Bc/shaping rate

With bursts, shapers use the idea of buckets. Each bucket uses "tokens" which represent a bit. The shapers performs the following:


 * 1) At the beginning of each Tc, the bucket is filled with tokens.
 * 2) Tokens are spent for the right to forward bits

When not using Be, If the bucket is already full when new tokens are added, those tokens are discarded. Normally, the buck is of size Bc and each Tc Bc amount of tokens are added. Any data that is sent, not just Be, require tokens. With Be, any unused tokens are left in the bucket and when Bc, tokens are added, there is enough tokens for extra bits to be sent.

=Shaping with Frame relay=

Frame relay shaping can be configured to vary the shaping rate over time. When congestion occurs, the shaping rate can be lowered. This will occur until the minimum shaping rate is reached. By default, this is 50% of the shaping rate. This is called the //**minimum information rate (MIR).**// To lower the shaping rate, congestion is recognized via one of the following:


 * a BECN bit set on a frame
 * Receipt of a ForeSight message (Cisco only)

Each time one of the signs are seen, the shaping rate is lowed by 25% of the max rate. To do this, The Bc and Be are decreased by that amount. The Tc value is kept the same. The rate will grow after 16 consecutive Tc's without congestion, and will increase by 1/16th of the shaping rate during each Tc.

=Class based shaping configuration=

Shaping is configured under an interface or subinterface and the only new command is:

//** #shape [average | peak] mean-rate burst-size ] [ excess-burst-size  **//

It can be enabled for output packets only. As with other class based commands, its set with the //**#service-policy output**// command under and interface. When packets are shaped, they are placed in a shaping queue. Shaping is active one the shaping queue fills, and is only inactive once all packets leave the shaping queue.

Shaping can also be configured based on a percentage of the bandwidth:


 * Subinterfaces do not inherit bandwidth from interfaces. If not set, the default is 1544.
 * Bc and Be are configured as miliseconds
 * Tc is set to Bc

Normally, shaping is configured with the //**#shape average**// command, but you can also configure #shape peak. This has one different behavior than average: It refills the Bc and Be tokens in the bucket each Tc.This means that the excess burst is allowed each shaping period. The forumla changes to: //**shaping rate = configure_rate (1 +Be/Bc)**//

=Frame Relay Traffic Shaping=

There are a few differences between normal shaping:


 * Can only be configured on a frame relay interface
 * No fancy queuing tools can be configured on the interface
 * Traffic is always shaped separately on each VC
 * FRTS cannot classify traffic to shape a subset of traffic
 * The CIR, Bc and Be can be dynamically learned via Enhanced LMI

Shaping parameters are configured using //**#map-class frame-relay**//. Then the //**#frame-relay class**// command refers to those classes. It can also be assigned as an option to the //**#frame-relay interface-dlci**// command. This command will take preference if both are configured. Shaping can also be set with **//#frame-relay traffic-rate average [peak]//.** This uses an assumed Tc of 125ms and offers no way to set Tc, Bc or Be. The Be is calculated as: Be = Tc * (PIR – CIR)

Instead, you can also set these parameters directly with //**#frame-relay [cir|Bc|Be]**//, still configured inside the map-class.

=Class based policing=

Policing is configured for packets either entering or exiting an interface. It monitors the metered rate of the packet, and when that packet exceeds the rate, action is taken against it. The following actions exist:



The policer classifies packets into either conforming, exceeding or violating.

Single Rate, Two Color
This is the simplest type of policing. It uses a single policing rate, and no excess burst. Packets are either conforming or exceeding. Tokens in policing are represented as bytes, and are refilled not on time intervals, but when a packet comes in. The number of tokens replenished are decided by the formula:

Basically, the tokens replenished every second are equal to the policing rate.

Single Rate, Three Color
This allows the policer to police at a specific rate, but also still use a Be. In this method, two buckets are used. Also, the extra category of violating exists to classify packets.

As before, the bucket is refilled when a packet arrives. The first bucket is called the Bc bucket (Because it is of size Bc). The second bucket is called the Be bucket. If, when filling the Bc bucket, more than Bc tokens exist, the extra still over into the Be bucket.





Two Rate, Three Color
In this method, two policing rates exist. The lower rate is the CIR, the second rate is the Peak information rate (PIR). Packets under the CIR conform, Packets below the PIR but above the CIR exceed, and packets above the PIR violate. The main difference between this method and the others is that it allows for sustained bursts.

The buckets in this method are filled a bit differently:



Class based policing configuration
Policing is configured with the normal class based commands, with the addition of:

//** #police bps burst-normal burst-max conform-action action exceed-action action [violate-action action ]**//

1R, 3C ex//**:** **police cir 96000 bc 12000 be 6000 conform-action transmit exceed-action set-dscptransmit 0 violate-action drop**//

If you do not configure a Bc, a default is chosen based on the forumla: If a Be value is not configure, the default depends on the type of policing

Dual rate policing configure is basically the same, with a variation on the police command

//**#police {cir cir } [bc conform-burst ] {pir pir } [be peak-burst ] [conform-action action [exceed-action action [violate-action action ]]]**//

If you want to configure multiple actions for a category, you can omit the actions from the police command and be placed into a policing sub configuration mode where you can define multiple actions.

Committed access rate
CAR is configured outside of the normal CB commands, but is similar in most ways except a few:


 * Uses the rate-limit command, with multiple being allowed on an interface to process a single packet
 * The violate category is not supported
 * When a Be is configured, the logic to determine conform or exceed is different

This command is added under an interface:

//**rate-limit {input | output} [access-group [rate-limit] acl-index ] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action**//

To match packets, CAR requires either a normal ACL or a rate-limit ACL, which can match IPP, mac address or MPLS experimental bits.