Example for Configuring Traffic Policing and Traffic Shaping

This section provides an example of how to configure traffic policing and traffic shaping on interfaces.

Networking Requirements

GE 0/3/0 of Device A is connected to GE 0/1/0 of Device B. Server, PC1, and PC2 can access the Internet through Devices A and B.
Server, PC1, and GE 0/1/0 of Device A are on the same network segment. PC2 and GE 0/2/0 of Device A are on the same network segment.
The traffic from Server and PC1 to GE 0/1/0 is controlled on Device A as follows:
  • A maximum of 6 Mbit/s bandwidth is assured for the traffic from Server. The bandwidth is always 5 Mbit/s in this example. For traffic of which the rate exceeds 5 Mbit/s but is less than or equal to 6 Mbit/s, packets are forwarded properly. When the traffic rate exceeds 6 Mbit/s, nonconforming traffic is treated and forwarded as BE traffic.
  • The rate limit on the traffic from PC1 is 2 Mbit/s. When the traffic rate exceeds the rate limit, nonconforming traffic is dropped.
GE 0/3/0 on Device A and GE 0/2/0 on Device B have the following requirements for sending and receiving packets:
  • The rate of the EF traffic arriving at Device B through GE 0/3/0 of Device A is limited to 20 Mbit/s. When the traffic rate exceeds the rate limit, nonconforming traffic is dropped.
  • The rate of the EF traffic arriving at the Internet through GE 0/2/0 of Device B is limited to 30 Mbit/s. When the traffic rate exceeds the rate limit, nonconforming traffic is dropped.
Figure 1 Networking diagram for configuring traffic shaping

Table 1
Device name   Interface   IP address
DeviceA       GE0/1/0     1.1.1.3/24
DeviceA       GE0/3/0     2.1.1.2/24
DeviceB       GE0/1/0     2.1.1.3/24
DeviceB       GE0/2/0     2.2.2.1/24

Precautions

When configuring traffic shaping, note the following points:
  • If the CoS of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-marked green only.
  • To view the statistics about a traffic policy, you can use the statistics enable command to enable the statistics function for the traffic policy.

Configuration Roadmap

The configuration roadmap is as follows:
  1. On the inbound interface GE 0/1/0 of Device A, perform traffic policing based on complex traffic classification for traffic from Server and PC1.
  2. On the outbound interface GE 0/3/0 of Device A, configure traffic shaping so that the rate of the EF traffic that arrives at Device B is limited to 20 Mbit/s.
  3. On the outbound interface GE 0/2/0 of Device B, configure traffic shaping so that the rate of the EF traffic entering the Internet from this interface is limited to 30 Mbit/s.

Data Preparation

To complete the configuration, you need the following data:
  • Access Control List (ACL) numbers, traffic classifier names, traffic behavior names, traffic policy names, and the interfaces on which traffic policies are applied, for the traffic from Server and PC1
  • Committed information rate (CIR), peak information rate (PIR), committed burst size (CBS), and peak burst size (PBS) for traffic shaping
  • Traffic rate for traffic shaping and the interface on which traffic shaping is configured

Procedure

  1. Configure an IP address for each interface. The configuration details are not provided here.
  2. Configure Device A.
    # Configure ACL rules for data flows from Server and PC1.
    <DeviceA> system-view
    [~DeviceA] acl number 2001
    [*DeviceA-acl4-basic-2001] rule permit source 1.1.1.1 0.0.0.0
    [*DeviceA-acl4-basic-2001] commit
    [~DeviceA-acl4-basic-2001] quit
    [~DeviceA] acl number 2002
    [*DeviceA-acl4-basic-2002] rule permit source 1.1.1.2 0.0.0.0
    [*DeviceA-acl4-basic-2002] commit
    [~DeviceA-acl4-basic-2002] quit
    # Configure traffic classifiers and define ACL-based matching rules.
    [~DeviceA] traffic classifier class1
    [*DeviceA-classifier-class1] if-match acl 2001
    [*DeviceA-classifier-class1] commit
    [~DeviceA-classifier-class1] quit
    [~DeviceA] traffic classifier class2
    [*DeviceA-classifier-class2] if-match acl 2002
    [*DeviceA-classifier-class2] commit
    [~DeviceA-classifier-class2] quit
    # Define a traffic behavior. Set the bandwidth for the traffic from Server to 5 Mbit/s and the maximum bandwidth to 6 Mbit/s. The traffic of which the rate exceeds 5 Mbit/s but is lower than or equal to 6 Mbit/s is forwarded. When the traffic rate exceeds 6 Mbit/s, nonconforming traffic is treated and forwarded as BE traffic.
    [~DeviceA] traffic behavior behavior1
    [*DeviceA-behavior-behavior1] car cir 5000 pir 6000 green pass yellow pass red pass service-class be color green
    [*DeviceA-behavior-behavior1] commit
    [~DeviceA-behavior-behavior1] quit
    # Define a traffic behavior. Set the rate limit on the traffic from PC1 to 2 Mbit/s. When the traffic rate exceeds 2 Mbit/s, nonconforming traffic is dropped.
    [~DeviceA] traffic behavior behavior2
    [*DeviceA-behavior-behavior2] car cir 2000 green pass yellow discard red discard
    [*DeviceA-behavior-behavior2] commit
    [~DeviceA-behavior-behavior2] quit
    # Define a traffic policy to associate traffic classifiers with traffic behaviors.
    [~DeviceA] traffic policy policy1
    [*DeviceA-trafficpolicy-policy1] classifier class1 behavior behavior1
    [*DeviceA-trafficpolicy-policy1] classifier class2 behavior behavior2
    [*DeviceA-trafficpolicy-policy1] commit
    [~DeviceA-trafficpolicy-policy1] quit
    # Apply the traffic policy to GE 0/1/0.
    [~DeviceA] interface gigabitethernet 0/1/0
    [~DeviceA-GigabitEthernet0/1/0] undo shutdown
    [*DeviceA-GigabitEthernet0/1/0] traffic-policy policy1 inbound
    [*DeviceA-GigabitEthernet0/1/0] commit
    [~DeviceA-GigabitEthernet0/1/0] quit
    # Configure traffic shaping on GE 0/3/0 of Device A to shape the traffic sent from this interface (dropping traffic of which the rate is greater than 20 Mbit/s) so that the packet loss ratio on GE 0/1/0 of Device B is lowered.
    [~DeviceA] interface gigabitethernet 0/3/0
    [~DeviceA-GigabitEthernet0/3/0] undo shutdown
    [*DeviceA-GigabitEthernet0/3/0] port shaping 20
    [*DeviceA-GigabitEthernet0/3/0] commit
  3. Configure Device B.
    # Configure traffic shaping on GE 0/2/0.
    <DeviceB> system-view
    [~DeviceB] interface gigabitethernet 0/2/0
    [~DeviceB-GigabitEthernet0/2/0] undo shutdown
    [*DeviceB-GigabitEthernet0/2/0] port shaping 30
    [*DeviceB-GigabitEthernet0/2/0] commit
    [~DeviceB-GigabitEthernet0/2/0] return
  4. Verify the configuration.
    Run the display interface command to check traffic information on Device B.

Configuration Files

  • Configuration file of Device A
    #
     sysname DeviceA
    #
    acl number 2001
     rule 5 permit source 1.1.1.1 0
    #
    acl number 2002
     rule 5 permit source 1.1.1.2 0
    #
    traffic classifier class1 operator or
     if-match acl 2001
    traffic classifier class2 operator or
     if-match acl 2002
    #
    traffic behavior behavior1
     car cir 5000 pir 6000 green pass yellow pass red pass service-class be color green
    traffic behavior behavior2
     car cir 2000 green pass yellow discard red discard
    #
    traffic policy policy1
     classifier class1 behavior behavior1 precedence 5
     classifier class2 behavior behavior2 precedence 10
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 1.1.1.3 255.255.255.0
     traffic-policy policy1 inbound
    #
    interface GigabitEthernet0/3/0
     undo shutdown
     ip address 2.1.1.2 255.255.255.0
     port shaping 20
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.0 0.0.0.255
      network 2.1.1.0 0.0.0.255
    #
    return
  • Configuration file of Device B
    #
     sysname DeviceB
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 2.2.2.1 255.255.255.0
     port shaping 30
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.0 0.0.0.255
      network 2.1.1.0 0.0.0.255
    #
    return

Introduction to Traffic Policing and Traffic Shaping

Traffic policing and traffic shaping are key factors in implementing QoS. Traffic policing controls the rate of incoming packets to ensure that network resources are properly allocated. Traffic shaping controls the rate of outgoing packets to allow the traffic rate to match that on the downstream device. These factors work together to provide QoS guarantees on networks.

Traffic Policing

Traffic policing controls the rate of incoming packets to ensure that network resources are properly allocated. If the traffic rate of a connection exceeds the specifications on an interface, traffic policing allows the interface to drop excess packets or re-mark the packet priority to maximize network resource usage and protect carriers' profits.
  • CAR
    Traffic policing uses committed access rate (CAR) to control traffic. An example of this process is restricting the rate of Hypertext Transfer Protocol (HTTP) packets to 50% of the network bandwidth.
  • Token Bucket
    CAR uses token buckets to meter the traffic rate, as shown in Figure 1. A token bucket can be considered a container of tokens, which has a pre-defined capacity. Tokens are put into the token bucket at a preset rate. When the token bucket is full of tokens, no more tokens can be added.
    Figure 1 Traffic policing according to CAR
    When a packet arrives, the device obtains enough tokens from the token bucket for packet transmission. If the token bucket does not have enough tokens to send the packet, the packet either waits for enough tokens or is discarded. This feature limits packets to be sent at a rate less than or equal to the rate at which tokens are generated.
  • Traffic policing with a single token bucket
    A single token bucket is used for traffic policing when traffic measurement is relatively simple. When a single token bucket is used, packets are forwarded based on the availability of tokens in the token bucket. One token is used to forward one byte of data. If there are enough tokens available to forward a packet, the packet is considered conforming and is marked green. Otherwise, the packet is considered nonconforming or over the limit, and is marked red.
    The following are the two parameters used in traffic policing with a single token bucket:
    • Committed Information Rate (CIR): the rate at which tokens are put into a token bucket. The CIR is expressed in bit/s.
    • Committed Burst Size (CBS): the committed volume of traffic that an interface allows to pass through, also the depth of a token bucket. The CBS is expressed in bytes. The CBS must be greater than or equal to the size of the longest possible packet in the stream. Note that sometimes a single packet can consume all the tokens in the token bucket. The larger the CBS is, the greater the traffic burst can be.
    Each time a packet arrives, the packet is measured. If there are enough tokens in the bucket, the traffic rate is within the allowed range. In this case, the number of tokens equal to the byte size of the forwarded packet is removed from the bucket. If there are not enough tokens in the bucket, the traffic rate is beyond the allowed range.
  • Traffic policing with two token buckets
    You can use two token buckets to measure traffic in more complex conditions and implement more flexible traffic policing. These two buckets are called the C and P buckets. Tokens are put in the C bucket at a rate of the CIR and its size is called the CBS. Tokens are put in the P bucket at a rate of the Peak Information Rate (PIR) and its size is called the Peak Burst Size (PBS). Each time the traffic is measured, the following rules are applied:
    • If there are enough tokens in the C bucket, packets are marked green.
    • If there are not enough tokens in the C bucket but enough tokens in the P bucket, packets are marked yellow.
    • If tokens in neither of the buckets are enough, packets are marked red.
    The parameters used in traffic policing with two token buckets are described as follows:
    • CIR: the rate at which tokens are put in the C bucket. The CIR is expressed in bit/s.
    • CBS: the committed volume of traffic that an interface allows to pass through, also the depth of the C bucket. The CBS is expressed in bytes. The CBS must be greater than or equal to the size of the longest possible packet in the stream. Note that sometimes a single packet can consume all the tokens in the token bucket. The larger the CBS is, the greater the traffic burst can be.
    • PIR: the rate at which tokens are put in the P bucket. The PIR is expressed in bit/s.
    • PBS: the maximum volume of traffic that an interface allows to pass through in a traffic burst, also the depth of the P bucket.
    The CX600 uses two algorithms, srTCM and trTCM, to implement traffic policing with two token buckets. The algorithms have two working modes, color-blind and color-aware. The color-blind mode is more commonly used. For details, see the "Overview".
  • Traffic Policing Action
    According to different measurement results, TP implements the pre-configured policing actions, which are described as follows:
    • Pass: forwards the packets conforming to the SLA.
    • Discard: drops the packets exceeding the specified limit.
    • Remark: re-marks the packets whose traffic rate is between the CIR and PIR with a lower priority and allows these packets to be forwarded.
  • Statistics Collection
    Traffic that enters a network must be controlled, and traffic statistics must be collected. Traditional statistics collection has the following defects:
    • For upstream traffic, only statistics about packets after a CAR operation is implemented can be collected. Statistics about the actual traffic demand and the packet loss during CAR are not provided.
    • For downstream traffic, only statistics about packets after a CAR operation is implemented can be collected. Statistics about the forwarded and dropped packets are not provided.
    Carriers require statistics about traffic to which CAR has been applied in order to analyze user traffic that exceeds the specifications, which provides a basis for persuading users to purchase higher bandwidth.
    Using the interface-based CAR statistics collection function, the CX600 can collect and record statistics about the upstream traffic after a CAR operation (the actual access traffic of an enterprise user or an Internet bar), as well as statistics about the forwarded and dropped downstream packets after a CAR operation.

Traffic Shaping

Traffic shaping (TS) is a pro-active way to adjust the traffic output rate. A typical application of TS is to control the volume and burst of outgoing traffic based on the network connection. Thus the packets can be transmitted at a uniform rate.
TS is implemented by using the buffer and token bucket. As shown in Figure 2, after classification, packets are processed as follows:
  • Packets to which traffic shaping does not apply are directly forwarded.
  • For the packets to which traffic shaping applies, when no General Traffic Shaping (GTS) queue exists, the length of packets is compared with the number of tokens in the token bucket. If there are enough tokens for these packets, the packets are sent. If there are not enough tokens, the GTS queue is enabled where packets are cached. Tokens are put in the token bucket at the user-defined rate, and packets in the GTS queue are removed and sent periodically. As packets are sent, the number of tokens reduces based on the byte size of packets. During packet transmission, the byte size of packets is compared with the number of tokens in the token bucket. The number of tokens in the token bucket stops decreasing when all the packets in the GTS queue are sent or can no longer be sent.
  • When the GTS queue exists, packets that go through traffic shaping enter the queue directly, waiting to be scheduled at fixed intervals by the GTS queue.
  • If the GTS queue is full when new packets arrive at the queue, the packets are dropped.
Figure 2 Traffic shaping process
In Figure 3, Device A sends packets to Device B. Device B performs TP on the packets, and directly drops the nonconforming packets.
Figure 3 Traffic shaping
To reduce the number of packets that are unnecessarily dropped, you can implement TS on the outbound interface of Device A. Packets over the specification are cached on Device A. When packets can be sent again, TS takes the cached packets from the buffer queues and sends them. Therefore, all the packets sent to Device B conform to the traffic specification.
The main differences between TS and TP are as follows:
  • TS buffers excess traffic over the specifications. TP drops excess traffic over the specifications or re-marks such traffic with a lower priority.
  • TS brings delay and jitter but rarely leads to packet loss. TP brings no delay or jitter but leads to packet loss.
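The difference between TS and TP can be seen by pushing the same burst through both. The following is an added example, not vendor code: it simulates the token bucket in 1 ms ticks, treats policing with a discard action as shaping with no queue, and uses the page's 20 Mbit/s rate with an assumed bucket depth (3000 bytes), an assumed GTS queue limit (3 packets) and a constructed burst.

```python
from collections import deque

def run(arrivals, rate_kbps, depth, queue_limit):
    """Return each packet's departure tick in ms, or None if it was dropped.

    arrivals    : list of (arrival_ms, size_bytes), constructed sample input
    depth       : token bucket depth in bytes (assumed value, not from the page)
    queue_limit : GTS queue length in packets; 0 models policing with discard
    """
    if any(size > depth for _, size in arrivals):
        raise ValueError("bucket depth must cover the largest packet")
    per_tick = rate_kbps // 8            # kbit/s * 1 ms = bits; / 8 = bytes
    tokens = depth                       # bucket starts full (assumption)
    queue = deque()                      # GTS queue of (packet index, size)
    pending = deque(sorted(enumerate(arrivals), key=lambda p: p[1][0]))
    result = [None] * len(arrivals)
    tick = 0
    while pending or queue:
        if tick > 0:
            tokens = min(depth, tokens + per_tick)   # excess tokens are lost
        # Queued packets are sent first, as long as tokens last.
        while queue and tokens >= queue[0][1]:
            idx, size = queue.popleft()
            tokens -= size
            result[idx] = tick
        # Then handle packets arriving in this tick.
        while pending and pending[0][1][0] <= tick:
            idx, (_, size) = pending.popleft()
            if not queue and tokens >= size:
                tokens -= size           # no queue and enough tokens: send now
                result[idx] = tick
            elif len(queue) < queue_limit:
                queue.append((idx, size))  # buffer the excess (TS only)
            # otherwise the packet is dropped: queue full, or no queue (TP)
        tick += 1
    return result

def summarize(arrivals, result):
    """Return (packets dropped, worst queuing delay in ms)."""
    dropped = sum(1 for r in result if r is None)
    delays = [r - a[0] for a, r in zip(arrivals, result) if r is not None]
    return dropped, max(delays, default=0)

# Constructed burst: six 1500-byte packets arriving in the same millisecond.
BURST = [(0, 1500)] * 6

if __name__ == "__main__":
    for name, qlen in (("policing", 0), ("shaping", 3)):
        res = run(BURST, rate_kbps=20000, depth=3000, queue_limit=qlen)
        print(name, res, summarize(BURST, res))
```

With these values the policer forwards two packets immediately and drops four, while the shaper delivers five packets with up to 2 ms of added delay and drops only the one that arrived when the queue was full.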

Principles of Traffic Policing


Process of Traffic Policing

In traffic policing, the Committed Access Rate (CAR) is used to control traffic. Packets are first classified according to pre-defined matching rules. Packets that conform to the specified rate limit are forwarded directly, whereas packets that exceed the specified rate limit are dropped or have their priorities re-marked before being retransmitted.
The CAR technology uses token buckets (TBs) to control traffic. Figure 1 shows the process of traffic policing with CAR.
Figure 1 Schematic diagram of traffic policing with CAR


The tokens are put into the TB at the rate defined by users. The capacity of the TB is also defined by users. No more tokens can be added once the maximum capacity of the TB is reached.
When packets reach a device, the device classifies the packets according to the information such as the IP precedence, source address, or destination address. Packets that conform to the preset rule are processed by means of the TB.
If there are enough tokens in the bucket, packets are forwarded. At the same time, the number of tokens in the TB decreases based on the length of the packets. If the TB contains insufficient tokens or is empty, the packets that were not allocated enough tokens are either discarded or re-marked with the IP precedence, DSCP, or EXP values before being retransmitted. During this period of time, the number of tokens in the TB remains unchanged.
The preceding process shows that the CAR technology enables a router to control traffic as well as mark or re-mark packets.
The major function of CAR is controlling the traffic rate. With the CAR technology, a TB is used to measure the data traffic that flows through the interfaces on a router so that only the packets assigned with tokens go through the router during the specified time period. In this manner, the traffic rate is limited. CAR specifies the maximum traffic rates of both incoming packets and outgoing packets on an interface. In addition, the rate of certain types of traffic can be controlled based on information such as the IP address, port number, and priority. Traffic that does not conform to the preceding conditions is not limited in rate; such traffic is forwarded at the original rate.
CAR is mainly deployed at the network edge to ensure that the core device can process data normally.

Principle of the TB

The TB is used to measure the traffic rate. When data packets reach a device, the device fetches tokens from the TB for transmitting data packets. One token is required for one data packet. That is, there must be enough tokens in the TB. If tokens are insufficient, some of the data packets are discarded. It is similar to booking movie tickets. The maximum number of the audience allowed in is determined by the number of seats at the cinema. If any seats are unoccupied, the tickets are still available; if all seats are occupied, no tickets are available and the potential audience must wait for the next show. The principle of the TB is similar to this. The TB functions as a counter, as shown in the following figure.



There are tokens available for 8000 bytes in the TB. When a data packet of 5000 bytes reaches a device, the device applies for tokens to transmit the 5000-byte packet. The TB holds tokens for 8000 bytes, which is more than the packet needs. Therefore, the packet is forwarded. Then, another data packet of 5000 bytes reaches the device within the time of TI, as shown in the following figure.





There are still tokens available for 3000 bytes in the TB. As the time of TI has not expired, no more tokens are placed into the TB. The packet, however, is 5000 bytes long. As a result, the remaining tokens are not enough for the data packet, so the data packet is discarded. Discarding the data packet does not consume any tokens. After the packet is discarded, tokens for 3000 bytes are left in the TB until the time of TI expires. Then, new tokens are added to fill the TB.
Now consider how new tokens are added. Assume that the CBS is set to 8000 bytes in the above figure. The next time tokens are added, the system places tokens for 8000 bytes into the TB. Since there are tokens for 3000 bytes left in the TB, only 5000 bytes' worth of the new tokens are used to fill the TB, and the remaining tokens for 3000 bytes are discarded if no data packet applies for them. This is because there is no room for them in the TB.

Implementation of Traffic Policing

This section describes the implementation of traffic policing with a single TB and dual TBs.
  • Traffic policing with a single rate three color marker (srTCM)
  • Traffic policing with two rate three color marker (trTCM)

Parameters for srTCM

The following parameters are involved in srTCM:
  • Committed Information Rate (CIR): the rate at which tokens are put into a token bucket. The CIR is expressed in kbps.
  • Committed Burst Size (CBS): the committed volume of traffic that an interface allows to pass through, also the depth of a token bucket. The CBS is expressed in bytes. The CBS must be greater than or equal to the size of the largest possible packet in the stream. Note that sometimes a single packet can consume all the tokens in the token bucket. The larger the CBS is, the greater the traffic burst can be.
  • Peak burst size (PBS): the maximum size of burst traffic before all traffic exceeds the CIR. The PBS is expressed in bytes.
A packet is marked green if it does not exceed the CBS, yellow if it exceeds the CBS but does not exceed the PBS, and red if it exceeds the PBS.

Method of Adding Tokens for srTCM

Both buckets C and P are initially full.

Rules for srTCM

Tc and Tp refer to the number of tokens in buckets C and P, respectively. The initial values of Tc and Tp are respectively the CBS and PBS.
In Color-Blind mode, the following rules apply when a packet of size B arrives at time t:
  • When one token bucket is used:
    • If Tc(t) – B ≥ 0, the packet is marked green, and Tc is decremented by B.
    • If Tc(t) – B < 0, the packet is marked red, and Tc remains unchanged.
  • When two token buckets are used:
    • If Tc(t) – B ≥ 0, the packet is marked green, and Tc is decremented by B.
    • If Tc(t) – B < 0 but Tp(t) – B ≥ 0, the packet is marked yellow, and Tp is decremented by B.
    • If Tp(t) – B < 0, the packet is marked red, and neither Tc nor Tp is decremented.
In Color-Aware mode, the following rules apply when a packet of size B arrives at time t:
  • When one token bucket is used:
    • If the packet has been pre-colored as green and Tc(t) – B ≥ 0, the packet is re-marked green, and Tc is decremented by B.
    • If the packet has been pre-colored as green and Tc(t) – B < 0, the packet is re-marked red, and Tc remains unchanged.
    • If the packet has been pre-colored as yellow or red, the packet is re-marked red regardless of the packet length. The Tc value remains unchanged.
  • When two token buckets are used:
    • If the packet has been pre-colored as green and Tc(t) – B ≥ 0, the packet is re-marked green, and Tc is decremented by B.
    • If the packet has been pre-colored as green and Tc(t) – B < 0 but Tp(t) – B ≥ 0, the packet is marked yellow, and Tp is decremented by B.
    • If the packet has been pre-colored as yellow and Tp(t) – B ≥ 0, the packet is re-marked yellow, and Tp is decremented by B.
    • If the packet has been pre-colored as yellow and Tp(t) – B < 0, the packet is re-marked red, and Tp remains unchanged.
    • If the packet has been pre-colored as red, the packet is re-marked red regardless of the packet length. The Tc and Tp values remain unchanged.

Parameters for trTCM

trTCM covers the following parameters:
  • CIR: the rate at which tokens are put into a token bucket. The CIR is expressed in kbps.
  • CBS: the committed volume of traffic that an interface allows to pass through, also the depth of a token bucket. The CBS is expressed in bytes. The CBS must be greater than or equal to the size of the largest possible packet entering a device.
  • PIR: the maximum rate at which an interface allows packets to pass and is expressed in kbps. The PIR must be greater than or equal to the CIR.
  • PBS: the maximum volume of traffic that an interface allows to pass through in a traffic burst.

Method of Adding Tokens for trTCM

Tokens are put into buckets C and P at the rate of CIR and PIR, respectively. When one bucket is full of tokens, any subsequent tokens for the bucket are dropped, but tokens continue being put into the other bucket if it is not full.
Buckets C and P are initially full.

Rules for trTCM

The trTCM focuses on the traffic burst rate and checks whether the traffic rate is conforming to the specifications. Therefore, traffic is measured based on bucket P and then bucket C.
Tc and Tp refer to the numbers of tokens in buckets C and P, respectively. The initial values of Tc and Tp are respectively the CBS and PBS.
In Color-Blind mode, the following rules apply when a packet of size B arrives at time t:
  • If Tp(t) – B < 0, the packet is marked red, and the Tc and Tp values remain unchanged.
  • If Tp(t) – B ≥ 0 but Tc(t) – B < 0, the packet is marked yellow, and Tp is decremented by B.
  • If Tc(t) – B ≥ 0, the packet is marked green and both Tp and Tc are decremented by B.
In Color-Aware mode, the following rules apply when a packet of size B arrives at time t:
  • If the packet has been pre-colored as green, and Tp(t) – B < 0, the packet is re-marked red, and neither Tp nor Tc is decremented.
  • If the packet has been pre-colored as green and Tp(t) – B ≥ 0 but Tc(t) – B < 0, the packet is re-marked yellow, and Tp is decremented by B, and Tc remains unchanged.
  • If the packet has been pre-colored as green and Tc(t) – B ≥ 0, the packet is re-marked green, and both Tp and Tc are decremented by B.
  • If the packet has been pre-colored as yellow and Tp(t) – B < 0, the packet is re-marked red, and neither Tp nor Tc is decremented.
  • If the packet has been pre-colored as yellow and Tp(t) – B ≥ 0, the packet is re-marked yellow, and Tp is decremented by B and Tc remains unchanged.
  • If the packet has been pre-colored as red, the packet is re-marked red regardless of what the packet length is. The Tp and Tc values remain unchanged.
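The trTCM rules above, in both Color-Blind and Color-Aware mode, can be written as a small meter. This is an added example, not the device's implementation: the CIR and PIR are the `car cir 5000 pir 6000` values from the configuration example, while the CBS and PBS (3000 and 6000 bytes), the packet trace and the `BEHAVIOR1` action table are assumptions made for illustration.

```python
GREEN, YELLOW, RED = "green", "yellow", "red"

class TrTCM:
    """Two-rate three-color marker following the trTCM rules listed above."""

    def __init__(self, cir_kbps, pir_kbps, cbs, pbs, color_aware=False):
        if pir_kbps < cir_kbps:
            raise ValueError("PIR must be greater than or equal to CIR")
        self.cir_kbps, self.pir_kbps = cir_kbps, pir_kbps
        self.cbs, self.pbs = cbs, pbs
        self.color_aware = color_aware
        self.tc, self.tp = float(cbs), float(pbs)   # both buckets start full
        self.last_ms = 0

    def _refill(self, now_ms):
        elapsed = max(0, now_ms - self.last_ms)
        self.last_ms = max(self.last_ms, now_ms)
        # kbit/s * ms = bits; / 8 = bytes (one token forwards one byte).
        # Tokens that do not fit into a full bucket are dropped.
        self.tc = min(self.cbs, self.tc + elapsed * self.cir_kbps / 8)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir_kbps / 8)

    def meter(self, now_ms, size, pre_color=GREEN):
        """Return the color of a packet of `size` bytes arriving at now_ms."""
        self._refill(now_ms)
        if not self.color_aware:
            pre_color = GREEN            # Color-Blind: ignore earlier marking
        # Bucket P is checked first; red packets consume no tokens.
        if pre_color == RED or self.tp - size < 0:
            return RED
        self.tp -= size
        # Yellow packets are charged to bucket P only.
        if pre_color == YELLOW or self.tc - size < 0:
            return YELLOW
        self.tc -= size                  # green is charged to both buckets
        return GREEN

# Assumed reading of the page's behavior1: every color is passed, and red
# traffic is forwarded with service class BE.
BEHAVIOR1 = {GREEN: ("pass", None), YELLOW: ("pass", None), RED: ("pass", "be")}

def police(meter, packets, actions):
    """Meter (arrival_ms, size) pairs; return (color, action, service_class)."""
    out = []
    for now_ms, size in packets:
        color = meter.meter(now_ms, size)
        out.append((color, *actions[color]))
    return out

# Constructed trace: a burst of five 1500-byte packets, then two stragglers.
PACKETS = [(0, 1500)] * 5 + [(2, 1500), (4, 1500)]

if __name__ == "__main__":
    m = TrTCM(cir_kbps=5000, pir_kbps=6000, cbs=3000, pbs=6000)
    for pkt, verdict in zip(PACKETS, police(m, PACKETS, BEHAVIOR1)):
        print(pkt, verdict)
```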