traffic to be re-marked with a lower priority before the excess traffic is sent out. Traffic shaping buffers excessive traffic so that the traffic stays within the desired rate. With traffic shaping, traffic bursts are smoothed out by queuing the excess traffic to produce a steadier flow of data. Reducing traffic bursts helps reduce congestion in the network. Traffic shapers such as class-based shaping, Frame Relay traffic shaping (FRTS), or virtual IP (VIP)-based distributed traffic shaping (DTS) in Cisco IOS software do not have the ability to mark traffic. Why Use Policing?
Traffic policing is typically used to satisfy one of these requirements as summarized in Figure :

Limiting the access rate on an interface when high-speed physical infrastructure is used in transport. Rate limiting is typically used by service providers to offer customers subrate access. For example, a customer may have an Optical Carrier-3 (OC-3) connection to the service provider but pay only for a T1 access rate. The service provider can rate-limit the customer traffic to T1 speed.
Engineering bandwidth so that traffic rates of certain applications or classes of traffic follow a specified traffic-rate policy. For example, traffic from file-sharing applications may be rate-limited to 64 kbps maximum.
Re-marking excess traffic with a lower priority at Layer 2 and Layer 3 or both before sending the excess traffic out. Cisco class-based traffic policing can be configured to mark packets at both Layer 2 and Layer 3. For example, excess traffic can be re-marked to a lower differentiated services code point (DSCP) value and also have the Frame Relay discard eligible (DE) bit set before the packet is sent out.

Why Use Shaping?
Traffic shaping is typically used to prevent and manage congestion in ATM, Frame Relay, or Metro Ethernet networks, where asymmetric bandwidths are used along the traffic path. If shaping is not used, then buffering can occur at the slow (usually the remote) end, which can lead to queuing and cause delays, and overflow, which can cause packet drops. Traffic shaping is an attempt to control traffic in ATM, Frame Relay, or Metro Ethernet networks to optimize or guarantee performance, low latency, or bandwidth. Traffic shaping deals with the concepts of classification, queue disciplines, enforcing policies, congestion management, quality of service (QoS), and fairness. Traffic shaping provides a mechanism to control the volume of traffic being sent into a network (bandwidth throttling) by not allowing the traffic to burst aboe the subscribed (committed) rate. For this reason, traffic-shaping schemes need to be implemented at the network edges, as with ATM, Frame Relay, or Metro Ethernet, to control the traffic entering the network. It also may be necessary to identify traffic with a granularity that allows the traffic-shaping control mechanism to separate traffic into individual flows and shape them differently. Figure summarizes these points.

Content 4.7 Introducing Traffic Policing and Shaping 4.7.2 Why Use Traffic Conditioners? Traffic conditioners, QoS mechanisms that limit bandwidth, include policing and shaping. Both of these approaches limit bandwidth, but each has different characteristics, as follows:

Policing: Policing typically limits bandwidth by discarding traffic that exceeds a specified rate. However, policing also can re-mark traffic that exceeds the specified rate and attempt to send the traffic anyway. Because of the drop behavior of policing TCP retransmits, policing should be used on higher-speed interfaces. Policing can be applied inbound or outbound on an interface.
Shaping: Shaping limits excess traffic, not by dropping it but by buffering it. This buffering of excess traffic can lead to delay. Because of this delay, shaping is recommended for slower-speed interfaces. Unlike policing, shaping cannot re-mark traffic. As a final contrast, shaping can be applied only in the outbound direction on an interface.

Traffic policing divides the shared resource (the upstream WAN link) among many flows. In the example shown in Figure , the router Fast Ethernet interface has an input traffic-policing policy applied to it in which the mission-critical server traffic rate is not limited but the user x file-sharing application traffic rate is limited to 56 kbps. All file-sharing application traffic from user x that exceeds the rate limit of 56 kbps will be dropped. Traffic Policing and Shaping: Example
Traffic policing tools are often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common traffic-policing configurations, traffic that conforms is transmitted and traffic that exceeds is sent with a decreased priority or is dropped. Such priorities can be based on IP precedence or DSCP. Network administrators can change these configuration options to suit their network needs. Traffic-shaping tools limit the transmit rate from a source by queuing the excess traffic. This limit is typically a value lower than the line rate of the transmitting interface. Traffic shaping can be used to account for speed mismatches, which are common in nonbroadcast multiaccess (NBMA) networks such as Frame Relay and ATM. Figure shows two types of speed mismatches:

The central site can have a higher-speed link than the remote site. Thus, traffic shaping can be deployed at the central site router to shape the traffic rate out of the central site router to match the link speed of the remote site. For example, the central router can shape the permanent virtual circuit (PVC) outgoing traffic rate (going to the top remote-site router) to 128 kbps to match that remote-site link speed. At each remote-site router, traffic shaping is also implemented to shape the remote-site outgoing traffic rate to 128 kbps to match the committed information rate (CIR).
The aggregate link speed of all the remote sites can be higher than the central site link speed (oversubscribing the central site link speed). In this case, the remote-site routers can be configured for traffic shaping to avoid oversubscription at the central site. For example, the bottom two remote-site routers can be configured to shape the PVC outgoing traffic rate to 256 kbps to keep the central-site router from being oversubscribed.
On all the links between the central site and the remote sites, traffic policing can be used to prioritize packets and to decide, for instance, whether packets that conform can be configured to be transmitted, packets that exceed can be configured to be sent with a decreased priority, and packets that violate can be configured to be dropped. For example, packets with an IP precedence of 4 that do not exceed 128 kbps are transmitted.

Content 4.7 Introducing Traffic Policing and Shaping 4.7.3 Policing vs. Shaping Figure shows the differences between policing and shaping. Policing can be applied to either the inbound or outbound direction, while shaping can be applied only in the outbound direction. Policing drops nonconforming traffic instead of queuing the traffic like shaping. Policing also supports marking of traffic. Traffic policing is more efficient in terms of memory utilization than traffic shaping because no additional queuing of packets is needed. Both traffic policing and shaping ensure that traffic does not exceed a bandwidth limit, but each mechanism has different impacts on the traffic:

Policing drops packets more often, generally causing more retransmissions of connection-oriented protocols, such as TCP.
Shaping adds variable delay to traffic, possibly causing jitter. Shaping queues excess traffic by holding packets in a shaping queue. Traffic shaping is used to shape the outbound traffic flow when the outbound traffic rate is higher than a configured rate. Traffic shaping smoothes traffic by storing traffic above the configured rate in a shaping queue. Therefore, shaping