qos07-传统命令行的shaping and可不讲

1、Traffic Shaping and Policing流量整形和监管Traffic Shaping and PolicingTraffic shaping and policing mechanisms are used to rate-limit traffic classes. 监管和流量整形都用于限速They have to be able to classify packets and meter their rate of arrival.引入一个额外的度量（meter）即令牌桶Traffic shaping delays excess packets so that they s

2、tay within the rate limit.整形对超出速率的报文做一个缓存，所以对流量有一个时延，而不丢包Traffic policing typically drops excess traffic so that it stays within the limit; alternatively, it can remark excess traffic.流量监管丢弃超出速率的报文，或者可以对报文做重标记ClassifierMarkerDropperMeterTrafficStreamWhy Use Rate Limiting?To handle congestion at ingr

3、ess to ATM/Frame Relay network with asymmetric link bandwidths-处理非对称链路在入方向的拥塞To limit access to resources when high-speed access is used but not desired-限制一定速率的接入To limit certain applications or classes-限制一定的应用或者某类流量To implement a virtual TDM systemShaping vs. PolicingBenefits of shaping:Shaping doe

4、s not drop packets.整形通常不丢弃报文Shaping supports interaction with Frame Relay congestion indication.整形支持帧中继拥塞标识（不在考试大纲）Benefits of policing:Policing supports marking.管制支持标记Buffer usage is not increased (shaping requires an additional queuing system).不会增加buffer的使用，而整形需要需要额外的shaping queueHow Do Routers Me

5、asure Traffic Rate? Routers use the token bucket mathematical model to keep track of packet arrival rate.用令牌桶机制来度量到达的报文速率The token bucket model is used whenever a new packet is processed.The return value is conform or exceed-令牌桶即度量，会返回conform或者execeedBandwidthTimeLink BandwidthRate LimitExceeding Tr

6、afficConforming Traffic700700Token Bucket500 bytes500 bytesConform Action200Token Bucket (cont.)300 bytesExceed Action300 bytesToken BucketBc is normal burst size (specifies sustained rate)-正常流量大小Be is excess burst size (specifies length of burst)-突发流量大小Bc + BeBc of tokens is added every Tc msTc = B

7、c / CIRPIR=(Bc+Be)/Tc=(Bc+Be)除以Bc乘以CIRTimeLinkUtilizationTc2*Tc3*Tc4*Tc5*TcBcBcBcBcBcBcLink BWAverage BW(CIR)Be整形术语术语定义TC时间间隔，毫秒为单位，在该时间段允许发送BC比特BC承诺突发值，比特为单位，该值通常也定义在流量契约中CIR承诺访问速率，以bit/s为单位。流量契约中定义的速率整形速率以bit/s为单位，通过特定配置对流量进行整形。通常设置为与CIR相同的值BE超额突发值，在未发送流量一段时间后，BC之外允许发送的bitTc = Bc / CIR图解流量整形为了达到平均

8、64kbit/s，在时间间隔内，62.5毫秒发送数据包（1/2时间），所以BC=8000bit（1000字节）路由器以链路速度发送62.5毫秒，然后停止发送62.5毫秒，完成第一个时间间隔，然后开始重复该过程，一秒钟之后8个时间间隔总共500毫秒发送了128kbit/s，即平均速率变成了64kbpsTraffic Shaping and Policing Mechanisms分类Shaping mechanisms:Generic traffic shaping (GTS)通用流量整形Frame Relay traffic shaping (FRTS)不在大纲内Class-based shap

9、ingPolicing mechanisms:Committed access rate (CAR)Class-based policingSummaryUpon completing this lesson, you should be able to:Describe the need for implementing traffic policing and shaping mechanismsList traffic policing and shaping mechanisms available in Cisco IOSDescribe the benefits and drawb

10、acks of traffic shaping and policing mechanismsLesson ReviewHow do shaping and policing mechanisms keep track of the traffic rate?Which shaping mechanisms are available with Cisco IOS software?Which policing mechanisms are available with Cisco IOS software?What are the main differences between shapi

11、ng and policing?Generic Traffic Shaping后续课程不在大纲之列ObjectivesUpon completing this lesson, you will be able to: Describe the GTS mechanismDescribe the benefits and drawbacks of GTSConfigure GTS on Cisco routersMonitor and troubleshoot GTSGeneric Traffic ShapingTrafficStreamClassifierMarkerShaperDropper

12、MeterCan shape multiple classes (classification)可以整形多个流量Can measure traffic rate of individual classes (metering)度量不同的类但是不可以markingDelays packets of exceeding classes (shaping)会有更多的时延所以对时延敏感不太适合GTS Building BlocksClassifierClassifierClassifierNoNoNoPhysical InterfaceQueue(s)ShapingWFQYesYesYesShapin

13、gWFQShapingWFQNoNoNoYesYesYesForwarder分类然后进入令牌桶算法，如果令牌桶中令牌足够，那么转到物理接口队列，如果令牌不够，那么放入GTS的shaping wfq队列GTS OverviewGTS is multiprotocol.GTS uses WFQ for the shaping queue.通用流量整形的shaping队列是WFQGTS can be implemented in combination with any queuing mechanismsGTS通用流量整形可以和任何队列机制合用:FIFO queuingPriority queui

14、ng (PQ)Custom queuing (CQ)Weighted fair queuing (WFQ)GTS works on output only-GTS仅仅工作在出接口GTS ImplementationThe software queue may have no function if the sum of all shaping rates is less than the link bandwidth.首先在整形的WFQ队列中调度，再转到其他队列，如果硬件队列没有满直接跳过软件队列，此时没用到软件队列（无调度机制）ShapingQueue(WFQ)SoftwareQueue(F

15、IFO, PQ, CQ, WFQ, .)HardwareQueue(FIFO)Dispatches packets at configured rateDispatches packets at line rateDispatches packets at line rateBypasses the software queue if it is empty and there is room in the hardware queueConfiguring GTSEnables traffic shaping of all outbound (sub)interface trafficIn

16、IOS versions prior to 11.2(19) and 12.0(4), optimum switching is disabled on all interfaces if traffic shaping is enabled on any interfacetraffic-shape rate bit-rate burst-size excess-burst-sizeRouter(config-if)#Configuring GTS (cont.)Bit rate: average traffic rate in bps (equivalent to Frame Relay

17、CIR)定义CIR，单位bpsBurst size: amount of traffic sent in a measurement interval in bits (equivalent to Frame Relay Bc)Default value: 1/8 of bit rate（BC，默认是CIR的八分之一）traffic-shape rate bit-rate burst-size excess-burst-sizeRouter(config-if)#Configuring GTS (cont.)Excess burst size: amount of excess traffic

18、 that can be sent during the first burst in bps (equivalent to Frame Relay Be)Default value: no excess burst（默认没有BE）Measurement interval (Tc): computed from bit rate and burst sizeTc smaller than 25 ms is rejected: Tc greater than 125 ms is reduced（TC是25到125毫秒间的值）traffic-shape rate bit-rate burst-si

19、ze excess-burst-sizeRouter(config-if)#Configuring GTS (cont.)Traffic-shape group shapes outbound traffic matched by the specified access list.Several traffic-shape group commands can be configured on the same interface.多个group命令可以用在同一接口下The traffic-shape rate and traffic-shape group commands cannot

20、be mixed on the same interface.两种命令不可混合使用A separate token bucket and shaping queue is maintained for each traffic-shape group command.Traffic not matching any access list is not shaped-如果没有ACL匹配则不会进行整形traffic-shape group access-list bit-rate burst excess-burstRouter(config-if)#GTSExample #1An ISP wa

21、nts to sell a service in which a customer may use all of an E1 line for 30 seconds in a burst, but on a long-term average is limited to 256 kbps.GTS parameters:Bit rate: 256,000output rate is 256,000 bps（CIR 250Kbps）Burst size32,000 the number of bits sent in 125 ms（BC是125毫秒内发送的字节数）Excess burst size

22、: 61,440,000 = 2,048,000 x 30CoreCustomerGTSExample #1 (cont.)interface ethernet0/0 traffic-shape rate 256000 32000 61440000!interface serial1/0 traffic-shape rate 256000 32000 61440000Because the ISP wants to control the total amount of load, the configuration would be done on both the inbound and

23、outbound interfaces-在两个方向进行了配置WAN验证结果R1(config-if)#traffic-shape rate 256000 ? -配置CIR为256 Kbps bits per interval, sustained R1(config-if)#traffic-shape rate 256000 32000 61440000-32000为在TC间隔内放入的bit数量即Bc，最后一个参数61440000一会我们再来讨论验证：R1#show traffic-shape Interface S1/0 Access Target Byte Sustain Excess I

24、nterval Increment AdaptVC List Rate Limit bits/int bits/int (ms) (bytes) Active- 256000 7684000 32000 61440000 125 4000 - 我们来解读这个验证信息，256000为CIR，单位是bps；32000为Bc，即在每个Tc时间内放入的bit数，用公式Tc=Bc/Cir，那么Tc=32000/256000=1/8秒，即125ms，就是图中的Interval=125.Tc只能通过计算得到，而不能配置4000字节=32000bit，其实这还是Bc值，不过单位变成了byte而已7684000

25、0=（61440000 ）/8,等价于BC+BE之后换算成字节数（Byte）CoreCustomerGTSExample #2The customer wants to be sure that web traffic will never use more than 64 kbps.WANinterface ethernet 0/0 traffic-shape group 101 64000interface serial 1/0 traffic-shape group 101 64000!access-list 101 permit tcp any any eq wwwMonitoring

26、 GTSRouter#show traffic-shape access Target Byte Sustain Excess Interval Increment AdaptI/F list Rate Limit bits/int bits/int (ms) (bytes) ActiveSe3/3 100000 2000 8000 8000 80 1000 -CIRBcBeTc=Bc/CIRMAX = (Bc + Be)/8Bc = Tc * CIRDo we listen to FECN/BECN?Displays current traffic shaping configuration

27、show traffic-shapeRouter(config)#Monitoring GTS (cont.)Router#show traffic-shape statistics Access Queue Packets Bytes Packets Bytes ShapingI/F List Depth Delayed Delayed ActiveSe3/3 77 16091 3733112 414 96048 yesDepth of the associated WFQ queue for delayed packetsNumber of packets/bytes sent on th

28、e interfaceSubset of the previous number of packets/bytes delayed via the WFQ queueDisplays traffic shaping statisticsshow traffic-shape statisticsRouter(config)#Monitoring GTS (cont.)router#show traffic-shape queueTraffic queued in shaping queue on Serial0 (depth/weight) 1/4096 Conversation 254, li

29、nktype: ip, length: 232 source: , destination: 7, id: 0 x0001, ttl: 208, TOS: 0 prot: 17, source port 11111, destination port 22222Displays the shaping queue contentsshow traffic-shape queueRouter(config)#在拥塞的情况下还会看到更多具体信息，甚至可以看到WFQ的权重值Committed Access Rate该部分V5大纲已经取消ObjectivesUpon completing this l

30、esson, you will be able to: Describe the CAR mechanismDescribe the benefits and drawbacks of CARDescribe the differences between CAR, GTS, and FRTSConfigure CAR on Cisco routersMonitor and troubleshoot CARCommitted Access RatePrimarily intended for rate limitingCan be used on inbound and outbound tr

31、afficDoes not queue (delay) packetsCan also mark packetsCan be implemented for differentiated markingClassifierMarkerDropperMeterInboundorOutboundCAR on Input and OutputCAR on input is processed just before forwarding (most other QoS mechanisms are processed before CAR).CAR on output is processed im

32、mediately after forwarding (most other QoS mechanisms are processed after CAR).InboundClassifierMarkerDropperMeterOutboundClassifierMarkerDropperMeterForwardingQueuing CAR ImplementationThe software queue may have no function if the sum of all CAR rates is less than the link bandwidth.CAR在软件队列之前，如果C

33、AR的速率小于带宽可以导致队列调度机制不生效SoftwareQueue(FIFO, PQ, CQ, WFQ, .)HardwareQueue(FIFO)Dispatches packets at line rateDispatches packets at line rateBypasses the software queue if it is empty and there is room in the hardware queueCARDispatches packets at configured rateInterface-Wide CAR DiagramClass 1?Class

34、2?Class n?CARCARCARcontinuecontinuetransmittransmittransmitdropdropdropOutput QueueorForwardCAR has three different actions:TransmitContinueDropCAR DiagramMeterConforms?Set IP Precedence? Set DSCP?Set MPLS Experimental? Set QoS group? Mark?Transmit?Yes / NoSet IP PrecedenceSet DSCPSet MPLS Experimen

35、talSet QoS GroupContinue?Drop?YesYesYesNoNoForwardorEnqueueGo toNextCAR CommandMarking depends on whether the packet conforms to or exceeds the policy.YesYesYesYesConfiguring CARSpecifies all four conditioner elements for a particular traffic classRepeat this command for different classes of traffic

36、If a match is not found, the default action is to transmitrate-limit input | output access-group rate-limit #acl | qos-group number | dscp dscp mean-rate Bc Be conform-action drop | transmit | continue | set-prec-transmit value | set-prec-continue value | set-qos-transmit value | set-qos-continue va

37、lue set-dscp-transmit value | set-dscp-continue value | set-mpls-transmit value | set-mpls-continue value exceed-action drop | transmit | continue | set-prec-transmit value | set-prec-continue value | set-qos-transmit value | set-qos-continue value set-dscp-transmit value | set-dscp-continue value |

38、 set-mpls-transmit value | set-mpls-continue value Router(config-if)#CAR ClassificationIP packets are classified:Based on their direction (input or output)Optional classification based on:Numbered IP access list (standard or extended)IP Precedence rate-limit access list MAC address rate-limit access

39、 listQoS group set by a previous conditioner in the same nodeDSCPrate-limit input | output access-group rate-limit #acl | qos-group number | dscp dscp.Router(config-if)#Null CAR ClassifierSelects packets in ingress or egress direction that have not been classified with any previous rate-limit comman

40、ds on this interfaceUsually used as the last rate-limit command on an interfacerate-limit input | output .Router(config-if)#CAR ClassifierBased on IP Access ListConfigures an IP access list to be used as a packet classifierClassifies packets received over an interface with the IP access listClassifi

41、cation based on IP Precedence can be done with IP access listrate-limit input | output access-group number .Router(config-if)#access-list acl-index deny | permit source source-wildcardaccess-list acl-index deny | permit protocol source source-wildcard destination destination-wildcard precedence prec

42、edence tos tos dscp dscp logRouter(config)#CAR Classifier Based on IP PrecedenceThe IP Precedence classifier uses rate-limit access lists from 1 to 99 to match on IP Precedence values.rate-limit input | output access-group rate-limit number .Router(config-if)#IP Precedence-BasedRate-Limit Access Lis

43、tACL index is between 1 and 99Matches packets with specified IP PrecedenceOnly one line is allowed in the access listACL index is between 1 and 99Matches packets that match any precedence value specified in the maskPrecedence mask has one bit for each precedence value (Bit 0 = Precedence 0)access-li

44、st rate-limit acl-index precedenceRouter(config)#access-list rate-limit acl-index mask precedence-maskRouter(config)#CAR Classifier Based on Upstream MAC AddressThe upstream MAC address classifier uses rate-limit access lists from 100 to 199 to match on the MAC address of an upstream router or host.

45、rate-limit input | output access-group rate-limit number .Router(config-if)#MAC Address Rate-Limit Access ListACL index is between 100 and 199Matches packets received from upstream neighbor with specified MAC addressOnly the MAC address is allowed in the access list (each upstream neighbor requires

46、a different rate-limit statement)access-list rate-limit acl-index mac-addressRouter(config)#QoS Group CAR ClassifierSelects IP packets already marked in this node with specified QoS groupQoS group marking can be done through:Policy-based routingCEF marking based on QPPBInbound rate limit on another

47、interfaceInbound class-based marking on another interfaceAvailable only on high-end platformsrate-limit input | output qos-group number .Router(config-if)#DSCP-Based CAR ClassifierSelects IP packets marked with the specified DiffServ code pointDSCP marking could be done through:Rate limiting on anot

48、her interface or routerClass-based marking on another interface or routerrate-limit input | output dscp dscp .Router(config-if)#CAR MeterThe rate-limit meter measures the contract compliance of a traffic class selected with a classifier.A modified token bucket algorithm is used:mean-rate specifies a

49、verage traffic rate.Bc specifies the normal burst size.Be specifies the excess burst size.The token bucket size is defined by Be alone.rate-limit input | outputaccess-group rate-limit number | qos-group number | dscp dscpmean-rate Bc Be.Router(config-if)#CAR ActionsCAR actions can be split into two

50、subactions:Marking actionProcessing actionMarking actions support the setting of:IP PrecedenceDSCPMPLS experimental bitsQoS groupProcessing actions:Transmitpacket is transmittedContinuepacket is also processed by the next “rate-limit” commandDroppacket is droppedCAR Actions (cont.)Processing actions

51、 “transmit,” “continue,” and “drop” can be used as standalone actions.Processing actions “transmit” and “continue” can be combined with marking actions (set-mark_action-proc_action):set-prec-transmitset-qos-transmitset-mpls-transmitset-dscp-transmitset-prec-continueset-qos-continueset-mpls-continues

52、et-dscp-continueCAR Actions (cont.)Conforming and exceeding packets can be configured with different actions.There are three typical uses of CAR:Pure rate limiting:Transmit conforming packetsDrop exceeding packetsDifferentiated marking:Transmit conforming packets with marker value x (e.g., IP Preced

53、ence 3)Transmit exceeding packets with marker value y (e.g., IP Precedence 2)Pure marking:Transmit confirming and exceeding packets with the same marker valueDisplaying CAR Parameters and StatisticsRouter#show interfaces serial 0/0 rate-limitSerial0 Input matches: qos-group 4 params: 128000 bps, 640

54、00 limit, 128000 extended limit conformed 0 packets, 0 bytes; action: transmit exceeded 0 packets, 0 bytes; action: set-prec-transmit 0 last packet: 421250660ms ago, current burst: 0 bytes last cleared 00:00:59 ago, conformed 0 bps, exceeded 0 bps Output matches: access-group 181 params: 8000 bps, 8

55、000 limit, 16000 extended limit conformed 19 packets, 21576 bytes; action: set-prec-transmit 3 exceeded 5 packets, 7520 bytes; action: drop last packet: 145344ms ago, current burst: 11552 bytes last cleared 00:03:01 ago, conformed 0 bps, exceeded 0 bpsDisplays CAR parameters and statisticsshow inter

56、faces intf rate-limitRouter#Display Rate-LimitAccess ListsRouter#show access-lists rate-limitRate-limit access list 10 1Rate-limit access list 11 mask 81Rate-limit access list 120 4000.1234.ABCDList rate-limit access listsshow access-lists rate-limitRouter(config)#CAR: Limiting Example #1A service p

57、rovider connects all its customers via 2 Mbps physical leased lines (or ADSL links) and uses CAR to limit the actual amount of traffic the user can send or receive.In addition, several differentiated services could be provided based on customer needs.CAR: Limiting Example #1 (cont.)ISPCustomerCustom

58、er2 Mbps 2 MbpsCustomer2 MbpsNAPInternetinterface serial 0/0rate-limit input 256000 4000 96000 conform-action transmit exceed-action droprate-limit output 256000 4000 96000 conform-action transmit exceed-action dropCAR: Limiting and Marking Example #2Web traffic is limited to 512 kbps and transmitted with higher precedence:Excess web traffic is classified as regular traffic.All other traffic is limited to 256 kbps and transmitted with Precedence 0:Excess traffic is dropped.Burst siz