increases buffer utilization on a router and
causes unpredictable packet delays. Traffic shaping can also
interact with a Frame Relay network, adapting to indications of
Layer 2 congestion in the WAN. For example, if the
backward-explicit congestion notification (BECN) bit is
received, the router can lower the rate limit to help reduce
congestion in the Frame Relay network.
Content
4.7 Introducing Traffic Policing and
Shaping 4.7.4 Measuring Traffic Rates with
Tokens The token bucket is a mathematical model used by
routers and switches to regulate traffic flow. The model has
two basic components: - Tokens: Each token
represents permission to send a fixed number of bits into the
network. Tokens are put into a token bucket at a certain rate
by Cisco IOS software.
- Token bucket: A token
bucket has the capacity to hold a specified number of tokens.
Each incoming packet, if forwarded, takes tokens from the
bucket representing the packet size. If the bucket fills to
capacity, newly arriving tokens are discarded. Discarded tokens
are not available to future packets. If there are not enough
tokens in the token bucket to send the packet, the
traffic-conditioning mechanisms may take the following
actions:
- Wait for enough tokens to accumulate in the
bucket (traffic shaping)
- Discard the packet (traffic
policing)
Using a single token bucket
model, the measured traffic rate can conform to or exceed the
specified traffic rate. The measured traffic rate is conforming
if there are enough tokens in the token bucket to transmit the
traffic. The measured traffic rate is exceeding if there are
not enough tokens in the token bucket to transmit the traffic.
Figure shows a single token bucket traffic policing
implementation. Starting with a current capacity of 700 bytes
worth of tokens accumulated in the token bucket, when a
500-byte packet arrives at the interface, its size is compared
to the token bucket capacity (in bytes). The 500-byte packet
conforms to the rate limit (500 bytes is less than 700 bytes),
and the packet is forwarded: 500 bytes worth of tokens are
taken out of the token bucket, leaving 200 bytes worth of
tokens for the next packet. Continuing with the single token
bucket example from the previous figure, when the next
300-byte packet arrives immediately after the first packet, no
new tokens have been added to the bucket (which is done
periodically). This packet exceeds the rate limit. The current
packet size (300 bytes) is greater than the current capacity of
the token bucket (200 bytes), and the exceed action is
performed. In traffic policing, the exceed action can be to
drop or mark the packet. Figure illustrates the exceed action.
Example: Token Bucket as a Piggy Bank
Think of a
token bucket as a piggy bank. Every day you can insert one
dollar into the piggy bank (the token bucket). At any given
time, you can spend only what you have saved in the piggy bank.
If your saving rate is one dollar per day, your long-term
average spending rate will be one dollar per day if you
constantly spend what you saved. However, if you do not spend
any money on a given day, then you can build up your savings to
the maximum that the piggy bank can hold. For example, if the
piggy bank is limited to holding five dollars, and if you save
and do not spend for five straight days, the piggy bank will
contain five dollars. When the piggy bank fills to its
capacity, you will not be able to put any more money in it.
Then, at any time, you can spend up to five dollars (bursting
above the long-term average rate of one dollar per day). To
define a conforming rate, using the piggy bank example, assume
you have two dollars in the piggy bank and spend one dollar. In
this case, you are spending at a conforming rate because you
are not spending more than you have saved. To define an
exceeding rate, using the piggy bank example, assume you have
two dollars in the piggy bank and try to spend three dollars,
you are spending at an exceeding rate because you are trying to
spend more than you have saved. The piggy bank metaphor is a
good representation of the token bucket concept, but remember,
the token bucket works much faster.
Content
4.7 Introducing Traffic Policing and
Shaping 4.7.5 Single Token Bucket Class-Based
Policing Token bucket operations rely on parameters such as
CIR, committed burst (Bc), and committed time interval (Tc). Bc
is known as the normal burst size. The mathematical
relationship between CIR, Bc, and Tc is as follows: CIR (bps) =
Bc (bits) / Tc (sec) With traffic policing, new tokens are
added into the token bucket based on the interpacket arrival
rate and the CIR. Every time a packet is policed, new tokens
are added back into the token bucket. The number of tokens
added back into the token bucket is calculated as follows:
(Current Packet Arrival Time – Previous Packet Arrival Time) *
CIR An amount (Bc) of tokens is forwarded without constraint in
every time interval (Tc). For example, if 8000 bits (Bc) worth
of tokens are placed in the bucket every 250 ms (Tc), the
router can steadily transmit 8000 bits every 250 ms if traffic
arrives constantly at the router. CIR (normal burst rate) =
8,000 bits (Bc) / 0.25 seconds (Tc) = 32 kbps Figure
illustrates the concept. When configuring Cisco IOS class-based
traffic policing, it is recommended that you allow Cisco IOS
software to automatically calculate the optimal Bc and Tc value
based on the configured CIR. Without any excess bursting
capability, if the token bucket fills to capacity (Bc of
tokens), the token bucket overflows and newly arriving tokens
are discarded. Using the example, in which the CIR is 32 kbps
(Bc = 8000 bits and Tc = 0.25 seconds), the maximum traffic
rate can never exceed a hard rate limit of 32 kbps.
Content 4.7 Introducing Traffic Policing and
Shaping 4.7.6 Cisco IOS Traffic Policing and
Shaping Mechanisms The table in Figure lists the
characteristics of the class-based traffic-policing mechanism
that are available in Cisco IOS software. Class-based policing
is also available on some Cisco Catalyst switches. Class-based
policing supports a single or dual token bucket. Class-based
policing also supports single-rate or dual-rate metering and
multiaction policing. Multiaction policing allows more than one
action to be applied; for example, marking the Frame Relay DE
bit and the DSCP value before sending the exceeding traffic.
Class-based policing is configured using the Cisco Modular QoS
CLI (MQC), using the police command under the policy map
configuration. Note
A token bucket is a formal
definition of a rate of transfer. It has three components: a
burst size, a mean rate, and a time interval (Tc). Although the
mean rate is generally represented as bits per second, any two
values may be derived from the third by the relation shown as
follows: mean rate = burst size / time interval. A token
bucket is used to manage a device that regulates the data in a
flow. The single token bucket is used for single-rate metering.
To provide more metering granularity, the single-rate token
bucket function is doubled, resulting in the dual token bucket
that is used in the dual-rate metering. The table in Figure
lists two of the traffic-shaping mechanisms available in Cisco
IOS software: class-based traffic shaping and Frame Relay
traffic shaping (FRTS). Class-based traffic shaping uses the
MQC to allow traffic to be shaped per traffic class as defined
by the class map. Class-based traffic shaping can be used in
combination with class-based weighted fair queuing (CBWFQ), in
which the shaped rate is used to define an upper rate limit
while the bandwidth statement within the CBWFQ configuration is
used to define a minimum rate limit. FRTS is used to shape
Frame Relay traffic only. FRTS allows an individual PVC
(data-link connection identifier [DLCI]) to be shaped. FRTS can
use priority queuing (PQ), custom queuing (CQ), or weighted
fair queuing (WFQ) as the shaping queue and supports only FIFO