CRS traffic shaping and policing

Similar Messages

• Traffic Shaping and Priortization in ASA

  Hi Everyone,
  I  read that traffic prioritixation is always applied outbound direction when traffic is trying to leave the ASA.
  Also i read that traffic Shaping can be applied to all outgoing traffic on a interface.
  need to know if traffic shaping and priortization means same thing in ASA ?
  There direction is always  outbound?
  Regards
  MAhesh

  Hello Mahesh,
  Not sure I get it but let me see if I can help,
  Priority traffic: Basically allows you to split the interface into 2 different queues, one for low latency traffic and the other for best effor traffic. The one being on the Priority queue will always get served first.
  Traffic Shapping:It's the buffering QoS techique that allows you to configure a limit of bandwith that you will provide to a certain traffic class, when you reach that limit the traffic that goes over the limit will be placed into a software queue, where it will be "holded". That's the different between traffic shapping and policing as whit traffic policing you will drop the offending traffic, with shapping you will hold it (so this is not good for Low latency traffic).
  Now regarding the direction Traffic shapping can only be done on the outbound direction as queuing is an outbound process.
  For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
  Cheers,
  Julio Carvajal Segura

• QoS Traffic shaping and peak shaping

  Hi,
  Could somebody tell me what is the difference between traffic shaping and peak shaping?
  Kind Regards.

  Standard traffic shaping (the shape average command) will keep the average rate of the traffic to the limit you specify, which should be the committed rate of your circuit.
  Peak shaping will also do traffic shaping (using queues, etc), guaranteeing a minimum rate, but will allow traffic to levels to burst above your configured (committed) rate.
  From the documentation:
  Traffic shaping limits the rate of transmission of data. In addition to using a specifically configured transmission rate, you can use Generic Traffic Shaping (GTS) to specify a derived transmission rate based on the level of congestion.
  You can specify two types of traffic shaping; average rate shaping and peak rate shaping. Average rate shaping limits the transmission rate to the CIR. Using the CIR ensures that the average amount of traffic being sent conforms to the rate expected by the network.
  Peak rate shaping configures the router to send more traffic than the CIR. To determine the peak rate, the router uses the following formula:
  peak rate = CIR(1 + Be / Bc)
  where:
  •Be is the Excess Burst size.
  •Bc is the Committed Burst size.
  Peak rate shaping allows the router to burst higher than average rate shaping. However, using peak rate shaping, the traffic sent above the CIR (the delta) could be dropped if the network becomes congested.
  If your network has additional bandwidth available (over the provisioned CIR) and the application or class can tolerate occasional packet loss, that extra bandwidth can be exploited through the use of peak rate shaping. However, there may be occasional packet drops when network congestion occurs. If the traffic being sent to the network must strictly conform to the configured network provisioned CIR, then you should use average traffic shaping.
  Examples
  The following example sets the uses average rate shaping to ensure a bandwidth of 256 kbps:
  shape average 256000
  The following example uses peak rate shaping to ensure a bandwidth of 300 kbps but allow throughput up to 512 kbps if enough bandwidth is available on the interface:
  bandwidth 300
  shape peak 512000

• Traffic shaping and BW reservation/prioritization - L2 header included?

  Hi,
  This question might seem to be dumb but I will still ask.
  On ISR platform, does it take into consideration of the L2 header size when specifying the bandwidth? Please see below for the configuration. My question is the rates configured in "shape", "priority" and "bandwidth".
  policy-map TEST
  class class-default
  shape average 512000
  service-policy TEST-nested
  policy-map TEST-nested
  class Voice
  priority 60
  <... some other classes>
  class class-default
  bandwidth 100
  I am asking because in the "show policy-map interface xxx" output, I see that number of bytes matched in each class does include the L2 header size.
  Thanks!

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  "So is "priority" same as the "bandwidth" which only assigns the dequeuing weights?"
  No, priority is the keyword for LLQ.  Traffic in the LLQ is always has absolute priority over all other traffic.  Although there's only one LLQ, each LLQ class also has its own implicit policer.
  "Traffic exceeding the "priority" or "bandwidth" configured will fall in the "class-default" and will be handled equally with the traffic in that class, correct?"
  No.  Traffic always says in the matched class.  The class-default class if the class that matches "none-of-the-above".  You always have a class-defaut.  (I.e. it doesn't have to be explicitly defined, but when explicitly defined, you have set different options.)
  "Another question which is irrelevant, is that what queuing does class-default use?"
  By default, FIFO.
  "Should I use "fair-queue"?"
  I personally like FQ in all classes that support it, but insufficient information to say whether you you use it.
  "I know that "fair-queue" cares for the DSCP dynamically."
  Not post HQF.  (Which should be the case on a 39xx router.)
  "Does it also care about packet size or smaller packets get better treatment than big TCP file transfer packet?"
  Yes and no.  FQ monitors bandwidth usage.  In theory, a single small packet gets "better" treatment vs. a single large packet because the former consumes less bandwidth.  However, if the sum consumption of a sequence of small packets equals the single large packet, the transmission rate from two queues should be about equal (I'm also assuming the two flows are prioritized the same).

• Firewall for traffic shaping and bandwidth

  Hi all,
  I want one basic firewall for my small office. I have 15 to 20 users in my office. Please suggest me which firewall suitable for me? Please help me. Thanks

  Hi Sandeep,
  I guess this is mainly for day to day general work activities like browsing etc. You can go with ASA5505 with 50User license. In future if number of users grow, you can upgrade the license as well with no additional hardware costs.
  hth,
  MS

• Configuring QoS for FIOS Router MI-424WR: Traffic Priority and Shaping

  Please only read on if you are an experienced internet user familiar with setting the advanced QoS and Firewall settings for the MI-424WR and make use of wireless adaptors from a PC to provide connectivity.
  This is my first post and my first week since I moved from Time Warner Cable over to FIOS for iNet (plus HDTV and phone).     While all my services work, the router as delivered and setup is not optimum for internet quality of service.  Instead it was probably out of the box optimized for HDTV and telephone to satisfy most customers and reduce support overhead.   The average FIOS consumer is multimedia sensitive, but that is not so in my genre of internet consumer.   Here in lies the core of my reason for seeking help from like minded and experienced users in this community.
  One of the main driving forces in my switching to FIOS was to improve my multiplayer gaming experience where ultra low ping latency and high upload data rates dramatically affect the quality of connection and thus gameplay.    The cable internet service from TimeWarner was providing solid 2MB/1MB down/up data rates with no issues like what Im having now with FIOS.   Again the reason for the switch was both financial and in hope of gaining better data rates and quality of service.   Now with FIOS Im getting about 24/15 down/up data rate on the Extreme FIOS 25/25 plan when measured from my house to Los Angeles server (50 miles away) via Speedtest.net or DslReports.com/tests.     Latency wise, the ping has gone down from 150 to 50ms when measured to my friends who I connect to online that are on the East coast.   The data rate and latency has greatly improved in going from Cable to FIOS.   So far, so good.
  Where the problem shows up now, is that now I get an internet "hiccup" every 5-10 minutes that lasts about 1/2 to 2 seconds.   For the average internet user that just streams multimedia or cruises on the net; this is probably undetectable or noticed.   I never had this problem over the same PCs connected wirelessly to my DLINK DGL-4500 Gaming Router when my ISP was TimeWarner's cable service.    Now, using the FIOS and MI-424WR router with everythings being the same; Im experiencing this degregation in quality of service.    Even putting the PC's IP into the DMZ doesnt make any difference, so it is not related to port forwarding.    The issue is squarely in the lap of FIOS and this router as delivered and configured.    This is where the "game" is a foot, and where I need expertise in an area Im new to. 
  I am not new to being hands on with inet trouble shooting asI have been setting up my own home network (I work from home over VPN to work) for decades;  I would like to leverage the skills of those who are experts in the area that I think can address this issue.   That being QoS and the other device class mechanisms of this router.   Its my guess that this periodic hiccup can be minimized and even eliminated using these advanced features of this all-in-one TV/iNet/Tele router.   
  With that context being laid down, this hiccup doesnt show up if:
  a.  I connect two PCs connected to the same ethernet hub of the MI-424WR (traffic just over the LAN and not WAN)
  b.  When I was on Cable with my own gaming router wirelessly DHCP connected to my PC and using port forwarding or using the DMZ.  
  The hiccup does exist when:
  a.  Going from internet through the MI-424WR to the wireless DHCP connected PC with port forwarding
  b.  Even putting the wireless DHCP connected PC into the MI-424WR's DMZ has no effect
  I did read the manual and tried some QoS pritority and shaping and managed to reduce how often the hiccup occured, but I was just making guesses at the settings.   I put in the IP for the PCs I use for my gaming applications (which are very ping and jitter sensitive) into the QoS priority (value 7) and shaping GUI.    Im hoping someone with experience can tell me exactly how to use it and what settings to input.   Im not clear on the device and connection types offered in the QoS menus. 
  Another thing, is I couldnt find settings for the turning on/off the ICMP echo.   But I assume this is on because it can be pinged by folks on the net to my WAN IP.
  Here is the manual for the Verizon provided M424WR router (Current Version of firmware: 20.10.7)
  download link
  Here are the QoS traffic priority and shaping values Ive been experimenting with:
  Click to view QoS Traffic Priority
  Click to view QoS Traffic Shaping
  And why it matters to have a solid and stable inet connection for internet gaming?  The hiccup causes slewing or jitter which equates to positional errors in the 3D world that ruins the smooth gameplay that is needed for high end gaming.
  Heres a snapshot of me flying the wing of another flight simmer who is on the East coast and me on the West coast.
  Click to view
  Thank you in advance.
  Thomas "AV8R"
  MSEE

  TMAS wrote:
  the router as delivered and setup is not optimum for internet quality of service.  Instead it was probably out of the box optimized for HDTV and telephone to satisfy most customers and reduce support overhead.  
  That's not accurate.  VZ telephone service does not go through the Actiontec.  Also, there are no default settings for QOS in the Actiontec since QOS is rarely needed with FIOS upload speeds.
  TMAS wrote:I get an internet "hiccup" every 5-10 minutes that lasts about 1/2 to 2 seconds.  
     You should not be experiencing periodic "hiccups".  Something is clearly amiss.
  TMAS wrote:
  With that context being laid down, this hiccup doesnt show up if:a.  I connect two PCs connected to the same ethernet hub of the MI-424WR (traffic just over the LAN and not WAN)
  The hiccup does exist when:
  a.  Going from internet through the MI-424WR to the wireless DHCP connected PC with port forwarding
  b.  Even putting the wireless DHCP connected PC into the MI-424WR's DMZ has no effect
  Lets see.  The issue shows up on a wireless connection, but not a wired connection.  You think this is a QOS issue and not a wireless issue why?  Have you tried changing the wireless channel?  It very possible you have neighbors on the same channel.  Is the DGL-4500 wireless still on?  Could that be interfering?TMAS wrote:
  Another thing, is I couldnt find settings for the turning on/off the ICMP echo.  
  The settting to enable/disable ICMP echo is on the Firewall/Remote Administration page.
  TMAS wrote:
  Here are the QoS traffic priority and shaping values Ive been experimenting with:Click to view QoS Traffic Priority
  Click to view QoS Traffic Shaping 
  The traffic proirity settings you linked are applied only to your wireless connections.  QOS between the router and your wireless PC will only serve to prioritize traffic between the router and that PC and have no affect on your internet traffic.  Assuming you are not running browsers, VOIP and other traffic from that PC while you're gaming, then that will not accomplish anything.  i.e.  You're giving your only traffic highest priority, but that traffic is not competing with anything (except other nearby wireless connections on the same channel).
  On the traffic shaping screenshot, you have broadband ethernet checked, but according to your other thread, your WAN connection is Broadband Coax, not Broadband ethernet.

• Gigabit EtherSwitch 10/100/1000BASE-TX autosensing EHWIC Traffic Marking and Shaping

  Hi all,
  i need to know an information about this module.
   Gigabit EtherSwitch 10/100/1000BASE-TX autosensing EHWIC
  I found on docs that it supports the SWDRR mechanism for queueing, but does it support also 
  traffic shaping and marking ?
  i cannot find this info and i'd be thankful if someone knows it or can point me where this info is.
  Thanks a lot
  smaikol

  ok, at least Jack is doing better now. Don't know why, I just play around with limits.conf, /etc/pam.d/su and deleted the content of /dev/shm directory.
  Now the settings are the same as before, but  I'm getting far less xruns and luckily without these disturbing plopps.
  Last edited by redbit (2009-01-07 15:52:36)

• Traffic Shaping - can't get it to work

  Hi
  I’m attempting to create a basic traffic shaping policy in a lab environment but I can’t seem to get it to limit the download rate?
  I can successfully achieve this with policing. I am testing the speed restriction using a broadband speed testing website, policing is clearly impacting the download rate, this is not the case with shaping. Please see below the shaping and policing policies, which I am attaching in turn to the vlan1 interface outbound.
  Further I have messed around with the below shaping policy and set a fixed cir as in the policing policy but it still has no impact on the download speed.
  Finally class SLOW_PC under PM POLICE matches an ACL matching traffic to and from a particular IP address. The speedlimiter is matching all traffic
  Policy Map speedlimiter(Shaping)
      Class class-default
        Average Rate Traffic Shaping
        cir 1%
    Policy Map POLICE
      Class SLOW_PC
       police cir 1048500 bc 32765
         conform-action transmit
         exceed-action drop
  any help appreciated

  Shaping and policing can both can be used for outbound traffic on an interface, but only policing can be used for inbound traffic. If you're trying to use shaping (which works by managing the queue) on inbound traffic (which has no manageable queue) it will have no effect. Policing is the only option in this case.

• Firewall for traffic shaping

  Hi all,
  I want one basic firewal which can manage traffic shaping. I am implimenting it in my small office around 15 to 20 users or more. Please suggest me which firewall is suitable for my office?.  thanks

  Hi Sandeep,
  The ASA5505 is a basic firewall which supports traffic shaping and it is suitable for the number of users. Here is more infomration about traffic shaping and QoS
  http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html
  You can also compare the differente models
  http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-a,
  Thanks,
  Itzcoatl

• Is Cisco Nexus 5596UP support vlan base Policing and traffic shaping on code NX OS version: 5.1(3)N1(1)

  Is Cisco Nexus 5596UP support vlan base Policing and traffic shaping on code NX OS version: 5.1(3)N1(1)
  where i couldn't see any police command under the policy map 

  I have tested this issue on another 5548UP with L3 running the same NX-OS version and get the same problem. Show CDP from the switch is not discovering devices, but the neightbors can see the 5K in question. Reboot sometimes will fix it, but not always. I suspect a problem with the software since that doesn't happen in NX-OS 5.2. The one I am using is
  Software
    BIOS:      version 3.6.0
    loader:    version N/A
    kickstart: version 5.1(3)N2(1)
    system:    version 5.1(3)N2(1)

• How do you tell if a 3750 interface is shaping or policing traffic?

  We have an Avaya PBX Medpro board plugged into a 3750 port with the following configuration:
  interface FastEthernet1/0/4
  description PBX Medpro-1
  switchport access vlan 10
  switchport mode access
  duplex full
  speed 100
  srr-queue bandwidth share 10 10 60 20
  srr-queue bandwidth shape 10 0 0 0
  mls qos trust dscp
  auto qos voip trust
  Everything was working fine until the PBX call level went above 110 calls (G-711) which pushed the interface to more than 10mbps. When this happened random calls out of that medpro became garbled and after lots of troubleshooting we came to the conclusion that the default auto qos settings where the problem.
  Default auto qos puts these statements on an interface:
  srr-queue bandwidth share 10 10 60 20
  srr-queue bandwidth shape 10 0 0 0
  ...which means that queue 1 will allow for 10mbps of traffic and then shaping will kick in.
  Adding the line 'priority-queue out' to the interface disables the 10mbps limitation of queue 1 and instead forces the interface to process every packet that goes into the priority queue before anything else.
  My question is - is there a 'show' command that we can use to see shaping at work? On router ports with a service policy that has shaping or policing on it you can see the shaping/policing in real time with 'show policy....'
  What about on the 3750 switch ports?

  Thanks for responding. We work with DSCP so I tried your example on the port a medpro is connected to, but with DSCP, as in:
  int f0/15
  description Medpro-1
  switchport access vlan 12
  mls qos dscp 46
  srr-queue bandwidth share 10 10 60 20
  srr-queue bandwidth shape 10 0 0 0
  auto qos voip trust
  This is the output of 'sh mls qos int f0/15'
  #sh mls qos int f0/15
  FastEthernet0/15
  trust state: not trusted
  trust mode: not trusted
  trust enabled flag: ena
  COS override: dis
  default COS: 0
  DSCP Mutation Map: Default DSCP Mutation Map
  Trust device: none
  qos mode: port-based
  Note - it doesn't show that 'mls qos dscp 46' did anything. Also it won't take the command 'mls qos dscp override', so how do I tell to mark incoming packets to DSCP 46?

• Catalyst 2950-EMI, QoS, traffic classification and shaping

  Dear All,
  Can 2950-EMI perform traffic classification and shaping?
  Let's say I have some workstations attached on my 2950 and I want to perform traffic classification and shaping on the uplink based on the IP address of workstations.
  Thanks a lot.
  mak

  Shaping is not supported. But you can classify and use policing instead.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swqos.htm

• MPLS Traffic Shaping/Policing on PE-CE link

  Hi everyone,
  We are considering to upgrade our remote sites to MPLS/VPN type of connectivity from ATM/FRASI.
  Lets say we take a 10Mb link in the main office and 2-4Mb links for remote sites. Majority of servers (services) reside in main site, so majority of traffic flow will be from main site to remote sites.
  1. Since CE at main site sees all the remote sites "coming" from provider's PE, how can you handle traffic shaping/policing issues on this main site CE?
  2. Do you use MQC based on destination IP to apply shaping/policing configs on the CE-PE interface?
  3. Is it necessary to even bother with this question?
  Thank a lot.
  David

  BGP contains a multitude of knobs which allow a SP to control the traffic sent on one PE-CE link as opposed to the other. One can also make use of the Link Bandwidth extended community to control how traffic is distributed among multiple egress PE-CE links.
  The VPN scheme is of course compatible with the use of traffic engineering techniques (RSVP-TE based or otherwise) in the backbone network.
  A PE may support additional QoS support by means of one or more of the following methods:
  -i. One COS per PW End Service (PWES), mapped to a single COS PW at the PSN.
  -ii. Multiple COS per PWES mapped to a single PW with multiple COS at the PSN.
  -iii. Multiple COS per PWES mapped to multiple PWs at the PSN.

• Packet filtering and traffic shaping during peak h...

  I play the online game World of Tanks and an currently exteriancing severe lagg and disconnects, the problem does not appear to be with the game/service provider but with BT, i need to know does BT  use "packet filtering" and "traffic shaping" during peak hours and if so why has it suddenly started.
  This game use's P2P to keep the latency down for players so have been advised to contact BT and ask them are they limiting these types of connections.
  Most games do not use these types of connections, but World of Tanks one does and again,been told BT just don't like them, due to the amount of connections they attempt to forge in order to have a stable latency.
  I need to know if this is going to continue as pay to play the game, therefore would have to consider changing my ISP to virgin who dont  use "packet filtering" and "traffic shaping" during peak hours .
  Quick advice would be appreciated.

  It's absolutely horrible. i turned off wifi all other devices and every other open program just to reduce my latency for 120ms to 80ms.
  Still suffer from huge packet loss.
  It would be absolutely horrible if they have started throttling worldoftanks.eu servers. Phone support is no help all they torld me to do is restart my router
  I hope this is fixed soon. There are many posts on the WoT eu official forums and everyone that is effected appears to be a BT customer.
  Some have mentioned it could be the damaged undersea cable.
  I don't have any problems with torrents being throttled or anything like that. only worldoftanks.eu being throttled.

• Traffic Shaping for perticular traffic

  class-map match-any SYSLOG-CMAP
  match access-group name SYSLOG-ACL
  policy-map SYSLOG-PMAP
  class SYSLOG-CMAP
    shape average 250000
  interface GigabitEthernet0/1
  ip address 1.1.1.1 255.255.255.252
  ip flow ingress
  load-interval 30
  duplex full
  speed 100
  service-policy output SYSLOG-PMAP
  Router1#show policy-map int GigabitEthernet0/1
  GigabitEthernet0/1
    Service-policy output: SYSLOG-PMAP
      Class-map: SYSLOG-CMAP (match-any)
        712495474 packets, 394564809213 bytes
        30 second offered rate 41000 bps, drop rate 23000 bps
        Match: access-group name SYS-LOG-ACL
          712495474 packets, 394564809696 bytes
          30 second rate 41000 bps
        Queueing
        queue limit 64 packets
        (queue depth/total drops/no-buffer drops) 0/152567902/0
        (pkts output/bytes output) 559927554/295263742429
        shape (average) cir 250000, bc 1000, be 1000
        target shape rate 250000
      Class-map: class-default (match-any)
        3774914087 packets, 1413482437872 bytes
        30 second offered rate 2796000 bps, drop rate 0 bps
        Match: any
        queue limit 64 packets
        (queue depth/total drops/no-buffer drops) 0/19837/0
        (pkts output/bytes output) 3817743535/1477901813111
  =====================================================
  Hi everyone,
  In the above configuration, I configured traffic shaping to shape the syslog traffic to certain limit. My question is, Can I apply traffic shaping to perticular traffic ? What will happen to the remaining traffic ? We have ethernet hand-of to provider but total bandwidth we can use is 8M, which is controlled by ISP. We just send all the traffic without any shaping.
  Thanks

  Traffic shaping only works from the source. there is no way (other than policing - i.e., discard) to shape through the cloud.
  If you tried to pace the traffic through the cloud, it's got to be buffered somewhere, causing latency, and ultimately discarded frames after the buffers fill.
  Policing allows the traffic through until some threshold occurs (traditional frame = DE set at Bc, discard at Be), then the traffic is dropped.
  FWIW
  Scott