QoS policing/shaping

luke_bibby · August 2010

Fellow TE'ers,

I have a 2811 router which has a 10Mbps connection to the net. I also have 3 customers which connect into the router and I would like to:

ensure that each customer gets a minimum bandwidth of 3Mbps
reserve 1Mbps of bandwidth which is not available to any of the customers
allow each customer to use any available bandwidth (the 9Mbps) if the other customers are not using their full 3Mbps. (ie. if customer 1 is only using 1Mbps, customer 2 is using 1Mbps, allow customer 3 to use up to 7Mbps for this particular time)

I have read lots of doco and bought myself hte QoS book from Odom but I am still unsure of how I can acheive this. Do I want to police or shape?

Using MQC, I have created the three classes to match the different customers:

R(config)# class-map match-all CUST1_CMAP
R(config-cmap)# match access-group 1
R(config)# class-map match-all CUST2_CMAP
R(config-cmap)# match access-group 2
R(config)# class-map match-all CUST3_CMAP
R(config-cmap)# match access-group 3

If I was policing, would the following command under each customer's policy-map work?:
police cir percent 30 pir percent 90 conform transmit exceed transmit violate drop

Any help would be greatly appreciated

burbankmarc · August 2010

You want to police on the ingress, and shape on the egress, so if this is incoming traffic then you will police it.

And what your doing isn't the way i'd do it. I would police the circuit to your 10Mbps then just use CBWFQ to ensure that each customer gets at least 3mbps and leave 1Mbps for your class-default.

So it'd look like this:

policy-map police
class class-default
police 10000000 conform-action transmit exceed-action drop
service-policy customers

policy-map customers
class CUST1_CMAP
bandwidth 3000
class CUST2_CMAP
bandwidth 3000
class CUST2_CMAP
bandwidth 3000 
class class-default
bandwidth 1000
fair-queue

That sets the circuit 10Mbps and no more. It also ensures that every customer will get at least 3Mbps and can use more bandwidth if it's available. Also, depending on if you're using voice you may need to tweak the policing section.

GT-Rob · August 2010

^ that will allow each customer to use 10MB though, not the 9. So you would have to put a max of 9mb on each class.

Technically you could even just set the interface speed to 10MB if you didn't want to police there, but I guess it doesn't matter.

As for police vs shape, they do 'mostly' the same thing, but shaping tries to buffer some of the packets when bursts happen instead of dropping. For the wording of this question, I would stay with a police on the bandwidth.

burbankmarc · August 2010

Ah, you are indeed correct. So if you were hard set on the max of 9Mbps for each customer you could just add another police to each CUST_CMAP class

e.g.

policy-map customer
class CUST1_CMAP
bandwidth 3000
police 9000000 conform-action transmit exceed-action drop

etc..

luke_bibby · August 2010

Great, thanks guys.. this has been really helpful

Does this policy-map get applied to the outgoing interface to the net? Each customer connects into one of the ports on a HWIC-4ESW, and the WAN connection comes off one of the builtin Fast Ethernet ports.

abhustler · August 2010

Apply it outbound on the WAN interface

burbankmarc · August 2010

You mean apply it inbound on the WAN.

abhustler · August 2010

burbankmarc wrote: »

You mean apply it inbound on the WAN.

Well after looking at it some more I agree that it would better to apply it inbound if the concern is download speed (which is likely the case). I'm used to seeing policy maps on our MPLS network which are tagging packets which requires applying the policy outbound so packets can be correctly marked. However, assuming these clients are hosting devices like web servers wouldn't it make more sense to apply the policy outbound to effectively limit the upload bandwidth utilization because applying the policy inbound will do nothing to traffic leaving the router making it possibly for a host to send all 10M.

gorebrush · August 2010

Correct me if I'm wrong, but I thought you could only Police/Shape in the outgoing direction?

How can you police what's coming in on the wire? Or have I missed something?

networker050184 · August 2010

gorebrush wrote: »

Correct me if I'm wrong, but I thought you could only Police/Shape in the outgoing direction?

How can you police what's coming in on the wire? Or have I missed something?

Police in or out and shape out only. It doesn't stop the traffic from coming across the wire, but it does stop it from getting any further.

gorebrush · August 2010

Oops, oh yeah. My bad.

diswak · August 2010

burbankmarc wrote: »

You mean apply it inbound on the WAN.

I could be wrong, but I thought you can only que packets in the outbound direction.

APA · August 2010

if your going to make use of shaping and policing your customers traffic you would have to apply it outbound on the WAN interface.......

If you want to police the incoming traffic towards your customers then apply an inbound policy map that gives them specific policing rates without the shaping configuration..... or make use of CAR...

Therefore controlling your traffic completely..... in\out...

You can't shape traffic coming into your network from an external source due to available queues........ that is considered traffic coming into an interface therefore the only available method is policing it...

Like Network said above... Policing = in or out & Shaping = out only, making use of available outbound queues\queuing mechanisms...

Are you supplying QoS for voice traffic? If so then you might want to add two stanza's into the policy map as well to match on signalling\control traffic & voice payload traffic..... and police it to a specific rate depending on what codecs are in effect and call admissions rates etc....... as you probably know that shaping voice traffic in congested periods is pointless....

Hope this helps...

QoS policing/shaping

Comments