qos07-傳統(tǒng)命令行的shaping and可不講

1、Traffic Shaping and Policing流量整形和監(jiān)管Traffic Shaping and PolicingTraffic shaping and policing mechanisms are used to rate-limit traffic classes. 監(jiān)管和流量整形都用于限速They have to be able to classify packets and meter their rate of arrival.引入一個(gè)額外的度量（meter）即令牌桶Traffic shaping delays excess packets so that they s

2、tay within the rate limit.整形對超出速率的報(bào)文做一個(gè)緩存，所以對流量有一個(gè)時(shí)延，而不丟包Traffic policing typically drops excess traffic so that it stays within the limit; alternatively, it can remark excess traffic.流量監(jiān)管丟棄超出速率的報(bào)文，或者可以對報(bào)文做重標(biāo)記ClassifierMarkerDropperMeterTrafficStreamWhy Use Rate Limiting?To handle congestion at ingr

3、ess to ATM/Frame Relay network with asymmetric link bandwidths-處理非對稱鏈路在入方向的擁塞To limit access to resources when high-speed access is used but not desired-限制一定速率的接入To limit certain applications or classes-限制一定的應(yīng)用或者某類流量To implement a virtual TDM systemShaping vs. PolicingBenefits of shaping:Shaping doe

4、s not drop packets.整形通常不丟棄報(bào)文Shaping supports interaction with Frame Relay congestion indication.整形支持幀中繼擁塞標(biāo)識（不在考試大綱）Benefits of policing:Policing supports marking.管制支持標(biāo)記Buffer usage is not increased (shaping requires an additional queuing system).不會增加buffer的使用，而整形需要需要額外的shaping queueHow Do Routers Me

5、asure Traffic Rate? Routers use the token bucket mathematical model to keep track of packet arrival rate.用令牌桶機(jī)制來度量到達(dá)的報(bào)文速率The token bucket model is used whenever a new packet is processed.The return value is conform or exceed-令牌桶即度量，會返回conform或者execeedBandwidthTimeLink BandwidthRate LimitExceeding Tr

6、afficConforming Traffic700700Token Bucket500 bytes500 bytesConform Action200Token Bucket (cont.)300 bytesExceed Action300 bytesToken BucketBc is normal burst size (specifies sustained rate)-正常流量大小Be is excess burst size (specifies length of burst)-突發(fā)流量大小Bc + BeBc of tokens is added every Tc msTc = B

7、c / CIRPIR=(Bc+Be)/Tc=(Bc+Be)除以Bc乘以CIRTimeLinkUtilizationTc2*Tc3*Tc4*Tc5*TcBcBcBcBcBcBcLink BWAverage BW(CIR)Be整形術(shù)語術(shù)語定義TC時(shí)間間隔，毫秒為單位，在該時(shí)間段允許發(fā)送BC比特BC承諾突發(fā)值，比特為單位，該值通常也定義在流量契約中CIR承諾訪問速率，以bit/s為單位。流量契約中定義的速率整形速率以bit/s為單位，通過特定配置對流量進(jìn)行整形。通常設(shè)置為與CIR相同的值BE超額突發(fā)值，在未發(fā)送流量一段時(shí)間后，BC之外允許發(fā)送的bitTc = Bc / CIR圖解流量整形為了達(dá)到平均

8、64kbit/s，在時(shí)間間隔內(nèi)，62.5毫秒發(fā)送數(shù)據(jù)包（1/2時(shí)間），所以BC=8000bit（1000字節(jié)）路由器以鏈路速度發(fā)送62.5毫秒，然后停止發(fā)送62.5毫秒，完成第一個(gè)時(shí)間間隔，然后開始重復(fù)該過程，一秒鐘之后8個(gè)時(shí)間間隔總共500毫秒發(fā)送了128kbit/s，即平均速率變成了64kbpsTraffic Shaping and Policing Mechanisms分類Shaping mechanisms:Generic traffic shaping (GTS)通用流量整形Frame Relay traffic shaping (FRTS)不在大綱內(nèi)Class-based shap

9、ingPolicing mechanisms:Committed access rate (CAR)Class-based policingSummaryUpon completing this lesson, you should be able to:Describe the need for implementing traffic policing and shaping mechanismsList traffic policing and shaping mechanisms available in Cisco IOSDescribe the benefits and drawb

10、acks of traffic shaping and policing mechanismsLesson ReviewHow do shaping and policing mechanisms keep track of the traffic rate?Which shaping mechanisms are available with Cisco IOS software?Which policing mechanisms are available with Cisco IOS software?What are the main differences between shapi

11、ng and policing?Generic Traffic Shaping后續(xù)課程不在大綱之列ObjectivesUpon completing this lesson, you will be able to: Describe the GTS mechanismDescribe the benefits and drawbacks of GTSConfigure GTS on Cisco routersMonitor and troubleshoot GTSGeneric Traffic ShapingTrafficStreamClassifierMarkerShaperDropper

12、MeterCan shape multiple classes (classification)可以整形多個(gè)流量Can measure traffic rate of individual classes (metering)度量不同的類但是不可以markingDelays packets of exceeding classes (shaping)會有更多的時(shí)延所以對時(shí)延敏感不太適合GTS Building BlocksClassifierClassifierClassifierNoNoNoPhysical InterfaceQueue(s)ShapingWFQYesYesYesShapin

13、gWFQShapingWFQNoNoNoYesYesYesForwarder分類然后進(jìn)入令牌桶算法，如果令牌桶中令牌足夠，那么轉(zhuǎn)到物理接口隊(duì)列，如果令牌不夠，那么放入GTS的shaping wfq隊(duì)列GTS OverviewGTS is multiprotocol.GTS uses WFQ for the shaping queue.通用流量整形的shaping隊(duì)列是WFQGTS can be implemented in combination with any queuing mechanismsGTS通用流量整形可以和任何隊(duì)列機(jī)制合用:FIFO queuingPriority queui

14、ng (PQ)Custom queuing (CQ)Weighted fair queuing (WFQ)GTS works on output only-GTS僅僅工作在出接口GTS ImplementationThe software queue may have no function if the sum of all shaping rates is less than the link bandwidth.首先在整形的WFQ隊(duì)列中調(diào)度，再轉(zhuǎn)到其他隊(duì)列，如果硬件隊(duì)列沒有滿直接跳過軟件隊(duì)列，此時(shí)沒用到軟件隊(duì)列（無調(diào)度機(jī)制）ShapingQueue(WFQ)SoftwareQueue(F

15、IFO, PQ, CQ, WFQ, .)HardwareQueue(FIFO)Dispatches packets at configured rateDispatches packets at line rateDispatches packets at line rateBypasses the software queue if it is empty and there is room in the hardware queueConfiguring GTSEnables traffic shaping of all outbound (sub)interface trafficIn

16、IOS versions prior to 11.2(19) and 12.0(4), optimum switching is disabled on all interfaces if traffic shaping is enabled on any interfacetraffic-shape rate bit-rate burst-size excess-burst-sizeRouter(config-if)#Configuring GTS (cont.)Bit rate: average traffic rate in bps (equivalent to Frame Relay

17、CIR)定義CIR，單位bpsBurst size: amount of traffic sent in a measurement interval in bits (equivalent to Frame Relay Bc)Default value: 1/8 of bit rate（BC，默認(rèn)是CIR的八分之一）traffic-shape rate bit-rate burst-size excess-burst-sizeRouter(config-if)#Configuring GTS (cont.)Excess burst size: amount of excess traffic

18、 that can be sent during the first burst in bps (equivalent to Frame Relay Be)Default value: no excess burst（默認(rèn)沒有BE）Measurement interval (Tc): computed from bit rate and burst sizeTc smaller than 25 ms is rejected: Tc greater than 125 ms is reduced（TC是25到125毫秒間的值）traffic-shape rate bit-rate burst-si

19、ze excess-burst-sizeRouter(config-if)#Configuring GTS (cont.)Traffic-shape group shapes outbound traffic matched by the specified access list.Several traffic-shape group commands can be configured on the same interface.多個(gè)group命令可以用在同一接口下The traffic-shape rate and traffic-shape group commands cannot

20、be mixed on the same interface.兩種命令不可混合使用A separate token bucket and shaping queue is maintained for each traffic-shape group command.Traffic not matching any access list is not shaped-如果沒有ACL匹配則不會進(jìn)行整形traffic-shape group access-list bit-rate burst excess-burstRouter(config-if)#GTSExample #1An ISP wa

21、nts to sell a service in which a customer may use all of an E1 line for 30 seconds in a burst, but on a long-term average is limited to 256 kbps.GTS parameters:Bit rate: 256,000output rate is 256,000 bps（CIR 250Kbps）Burst size32,000 the number of bits sent in 125 ms（BC是125毫秒內(nèi)發(fā)送的字節(jié)數(shù)）Excess burst size

22、: 61,440,000 = 2,048,000 x 30CoreCustomerGTSExample #1 (cont.)interface ethernet0/0 traffic-shape rate 256000 32000 61440000!interface serial1/0 traffic-shape rate 256000 32000 61440000Because the ISP wants to control the total amount of load, the configuration would be done on both the inbound and

23、outbound interfaces-在兩個(gè)方向進(jìn)行了配置WAN驗(yàn)證結(jié)果R1(config-if)#traffic-shape rate 256000 ? -配置CIR為256 Kbps bits per interval, sustained R1(config-if)#traffic-shape rate 256000 32000 61440000-32000為在TC間隔內(nèi)放入的bit數(shù)量即Bc，最后一個(gè)參數(shù)61440000一會我們再來討論驗(yàn)證：R1#show traffic-shape Interface S1/0 Access Target Byte Sustain Excess I

24、nterval Increment AdaptVC List Rate Limit bits/int bits/int (ms) (bytes) Active- 256000 7684000 32000 61440000 125 4000 - 我們來解讀這個(gè)驗(yàn)證信息，256000為CIR，單位是bps；32000為Bc，即在每個(gè)Tc時(shí)間內(nèi)放入的bit數(shù)，用公式Tc=Bc/Cir，那么Tc=32000/256000=1/8秒，即125ms，就是圖中的Interval=125.Tc只能通過計(jì)算得到，而不能配置4000字節(jié)=32000bit，其實(shí)這還是Bc值，不過單位變成了byte而已7684000

25、0=（61440000 ）/8,等價(jià)于BC+BE之后換算成字節(jié)數(shù)（Byte）CoreCustomerGTSExample #2The customer wants to be sure that web traffic will never use more than 64 kbps.WANinterface ethernet 0/0 traffic-shape group 101 64000interface serial 1/0 traffic-shape group 101 64000!access-list 101 permit tcp any any eq wwwMonitoring

26、 GTSRouter#show traffic-shape access Target Byte Sustain Excess Interval Increment AdaptI/F list Rate Limit bits/int bits/int (ms) (bytes) ActiveSe3/3 100000 2000 8000 8000 80 1000 -CIRBcBeTc=Bc/CIRMAX = (Bc + Be)/8Bc = Tc * CIRDo we listen to FECN/BECN?Displays current traffic shaping configuration

27、show traffic-shapeRouter(config)#Monitoring GTS (cont.)Router#show traffic-shape statistics Access Queue Packets Bytes Packets Bytes ShapingI/F List Depth Delayed Delayed ActiveSe3/3 77 16091 3733112 414 96048 yesDepth of the associated WFQ queue for delayed packetsNumber of packets/bytes sent on th

28、e interfaceSubset of the previous number of packets/bytes delayed via the WFQ queueDisplays traffic shaping statisticsshow traffic-shape statisticsRouter(config)#Monitoring GTS (cont.)router#show traffic-shape queueTraffic queued in shaping queue on Serial0 (depth/weight) 1/4096 Conversation 254, li

29、nktype: ip, length: 232 source: , destination: 7, id: 0 x0001, ttl: 208, TOS: 0 prot: 17, source port 11111, destination port 22222Displays the shaping queue contentsshow traffic-shape queueRouter(config)#在擁塞的情況下還會看到更多具體信息，甚至可以看到WFQ的權(quán)重值Committed Access Rate該部分V5大綱已經(jīng)取消ObjectivesUpon completing this l

30、esson, you will be able to: Describe the CAR mechanismDescribe the benefits and drawbacks of CARDescribe the differences between CAR, GTS, and FRTSConfigure CAR on Cisco routersMonitor and troubleshoot CARCommitted Access RatePrimarily intended for rate limitingCan be used on inbound and outbound tr

31、afficDoes not queue (delay) packetsCan also mark packetsCan be implemented for differentiated markingClassifierMarkerDropperMeterInboundorOutboundCAR on Input and OutputCAR on input is processed just before forwarding (most other QoS mechanisms are processed before CAR).CAR on output is processed im

32、mediately after forwarding (most other QoS mechanisms are processed after CAR).InboundClassifierMarkerDropperMeterOutboundClassifierMarkerDropperMeterForwardingQueuing CAR ImplementationThe software queue may have no function if the sum of all CAR rates is less than the link bandwidth.CAR在軟件隊(duì)列之前，如果C

33、AR的速率小于帶寬可以導(dǎo)致隊(duì)列調(diào)度機(jī)制不生效SoftwareQueue(FIFO, PQ, CQ, WFQ, .)HardwareQueue(FIFO)Dispatches packets at line rateDispatches packets at line rateBypasses the software queue if it is empty and there is room in the hardware queueCARDispatches packets at configured rateInterface-Wide CAR DiagramClass 1?Class

34、2?Class n?CARCARCARcontinuecontinuetransmittransmittransmitdropdropdropOutput QueueorForwardCAR has three different actions:TransmitContinueDropCAR DiagramMeterConforms?Set IP Precedence? Set DSCP?Set MPLS Experimental? Set QoS group? Mark?Transmit?Yes / NoSet IP PrecedenceSet DSCPSet MPLS Experimen

35、talSet QoS GroupContinue?Drop?YesYesYesNoNoForwardorEnqueueGo toNextCAR CommandMarking depends on whether the packet conforms to or exceeds the policy.YesYesYesYesConfiguring CARSpecifies all four conditioner elements for a particular traffic classRepeat this command for different classes of traffic

36、If a match is not found, the default action is to transmitrate-limit input | output access-group rate-limit #acl | qos-group number | dscp dscp mean-rate Bc Be conform-action drop | transmit | continue | set-prec-transmit value | set-prec-continue value | set-qos-transmit value | set-qos-continue va

37、lue set-dscp-transmit value | set-dscp-continue value | set-mpls-transmit value | set-mpls-continue value exceed-action drop | transmit | continue | set-prec-transmit value | set-prec-continue value | set-qos-transmit value | set-qos-continue value set-dscp-transmit value | set-dscp-continue value |

38、 set-mpls-transmit value | set-mpls-continue value Router(config-if)#CAR ClassificationIP packets are classified:Based on their direction (input or output)Optional classification based on:Numbered IP access list (standard or extended)IP Precedence rate-limit access list MAC address rate-limit access

39、 listQoS group set by a previous conditioner in the same nodeDSCPrate-limit input | output access-group rate-limit #acl | qos-group number | dscp dscp.Router(config-if)#Null CAR ClassifierSelects packets in ingress or egress direction that have not been classified with any previous rate-limit comman

40、ds on this interfaceUsually used as the last rate-limit command on an interfacerate-limit input | output .Router(config-if)#CAR ClassifierBased on IP Access ListConfigures an IP access list to be used as a packet classifierClassifies packets received over an interface with the IP access listClassifi

41、cation based on IP Precedence can be done with IP access listrate-limit input | output access-group number .Router(config-if)#access-list acl-index deny | permit source source-wildcardaccess-list acl-index deny | permit protocol source source-wildcard destination destination-wildcard precedence prec

42、edence tos tos dscp dscp logRouter(config)#CAR Classifier Based on IP PrecedenceThe IP Precedence classifier uses rate-limit access lists from 1 to 99 to match on IP Precedence values.rate-limit input | output access-group rate-limit number .Router(config-if)#IP Precedence-BasedRate-Limit Access Lis

43、tACL index is between 1 and 99Matches packets with specified IP PrecedenceOnly one line is allowed in the access listACL index is between 1 and 99Matches packets that match any precedence value specified in the maskPrecedence mask has one bit for each precedence value (Bit 0 = Precedence 0)access-li

44、st rate-limit acl-index precedenceRouter(config)#access-list rate-limit acl-index mask precedence-maskRouter(config)#CAR Classifier Based on Upstream MAC AddressThe upstream MAC address classifier uses rate-limit access lists from 100 to 199 to match on the MAC address of an upstream router or host.

45、rate-limit input | output access-group rate-limit number .Router(config-if)#MAC Address Rate-Limit Access ListACL index is between 100 and 199Matches packets received from upstream neighbor with specified MAC addressOnly the MAC address is allowed in the access list (each upstream neighbor requires

46、a different rate-limit statement)access-list rate-limit acl-index mac-addressRouter(config)#QoS Group CAR ClassifierSelects IP packets already marked in this node with specified QoS groupQoS group marking can be done through:Policy-based routingCEF marking based on QPPBInbound rate limit on another

47、interfaceInbound class-based marking on another interfaceAvailable only on high-end platformsrate-limit input | output qos-group number .Router(config-if)#DSCP-Based CAR ClassifierSelects IP packets marked with the specified DiffServ code pointDSCP marking could be done through:Rate limiting on anot

48、her interface or routerClass-based marking on another interface or routerrate-limit input | output dscp dscp .Router(config-if)#CAR MeterThe rate-limit meter measures the contract compliance of a traffic class selected with a classifier.A modified token bucket algorithm is used:mean-rate specifies a

49、verage traffic rate.Bc specifies the normal burst size.Be specifies the excess burst size.The token bucket size is defined by Be alone.rate-limit input | outputaccess-group rate-limit number | qos-group number | dscp dscpmean-rate Bc Be.Router(config-if)#CAR ActionsCAR actions can be split into two

50、subactions:Marking actionProcessing actionMarking actions support the setting of:IP PrecedenceDSCPMPLS experimental bitsQoS groupProcessing actions:Transmitpacket is transmittedContinuepacket is also processed by the next “rate-limit” commandDroppacket is droppedCAR Actions (cont.)Processing actions

51、 “transmit,” “continue,” and “drop” can be used as standalone actions.Processing actions “transmit” and “continue” can be combined with marking actions (set-mark_action-proc_action):set-prec-transmitset-qos-transmitset-mpls-transmitset-dscp-transmitset-prec-continueset-qos-continueset-mpls-continues

52、et-dscp-continueCAR Actions (cont.)Conforming and exceeding packets can be configured with different actions.There are three typical uses of CAR:Pure rate limiting:Transmit conforming packetsDrop exceeding packetsDifferentiated marking:Transmit conforming packets with marker value x (e.g., IP Preced

53、ence 3)Transmit exceeding packets with marker value y (e.g., IP Precedence 2)Pure marking:Transmit confirming and exceeding packets with the same marker valueDisplaying CAR Parameters and StatisticsRouter#show interfaces serial 0/0 rate-limitSerial0 Input matches: qos-group 4 params: 128000 bps, 640

54、00 limit, 128000 extended limit conformed 0 packets, 0 bytes; action: transmit exceeded 0 packets, 0 bytes; action: set-prec-transmit 0 last packet: 421250660ms ago, current burst: 0 bytes last cleared 00:00:59 ago, conformed 0 bps, exceeded 0 bps Output matches: access-group 181 params: 8000 bps, 8

55、000 limit, 16000 extended limit conformed 19 packets, 21576 bytes; action: set-prec-transmit 3 exceeded 5 packets, 7520 bytes; action: drop last packet: 145344ms ago, current burst: 11552 bytes last cleared 00:03:01 ago, conformed 0 bps, exceeded 0 bpsDisplays CAR parameters and statisticsshow inter

56、faces intf rate-limitRouter#Display Rate-LimitAccess ListsRouter#show access-lists rate-limitRate-limit access list 10 1Rate-limit access list 11 mask 81Rate-limit access list 120 4000.1234.ABCDList rate-limit access listsshow access-lists rate-limitRouter(config)#CAR: Limiting Example #1A service p

57、rovider connects all its customers via 2 Mbps physical leased lines (or ADSL links) and uses CAR to limit the actual amount of traffic the user can send or receive.In addition, several differentiated services could be provided based on customer needs.CAR: Limiting Example #1 (cont.)ISPCustomerCustom

58、er2 Mbps 2 MbpsCustomer2 MbpsNAPInternetinterface serial 0/0rate-limit input 256000 4000 96000 conform-action transmit exceed-action droprate-limit output 256000 4000 96000 conform-action transmit exceed-action dropCAR: Limiting and Marking Example #2Web traffic is limited to 512 kbps and transmitted with higher precedence:Excess web traffic is classified as regular traffic.All other traffic is limited to 256 kbps and transmitted with Precedence 0:Excess traffic is dropped.Burst siz