Contents

Introduction
Reasons of using Bandwidth Management
Theory of Bandwidth Management
Bucket and Token Algorithm
Traffic Shaping
  Class-based Shaping
  Committed Burst and Excess Burst
  PIR (Peak Information Rate)
  queue-limit
Traffic Policing
  Single-rate Two-color Policer
  Single-rate Three-color Policer
  Two-rate Three-color Policer

Introduction

Bandwidth Management is commonly used on the connection between an enterprise and its Internet Service Provider (ISP). When the interface speed is higher than the Committed Information Rate (CIR), the network administrator needs to actively limit bandwidth usage. Bandwidth Management involves two areas, Traffic Shaping and Traffic Policing. In this article, we will first take a look at the Bucket and Token Algorithm. Then the configuration of Traffic Shaping and Traffic Policing will be introduced.

Reasons of using Bandwidth Management

The cost of a Point-to-Point or Point-to-Multipoint connection to a remote site is relatively high. The ISP guarantees bandwidth only under the CIR. For traffic that exceeds the CIR, the ISP does not ensure that it arrives at the destination without drops. The excess bandwidth may also be charged. So the network administrator should implement Bandwidth Management to limit bandwidth usage.

Theory of Bandwidth Management

The theory of Bandwidth Management is very simple! Once the ISP has told us the CIR, we limit the traffic! Bull shxt, huh? Please see the following diagram, which shows a 2 Mbps CIR on a 10 Mbps interface.

[Figure: bandwidth management]

As you can see, the interface only allows 2 Mbits to be transferred within every 1-second period. Once 2 Mbits have been transmitted, it stops and waits for the next period. Since a 10 Mbps interface needs only 0.2 second to send 2 Mbits, it then waits for 0.8 second. The problem is that 0.8 second is really very long! Take VoIP traffic as an example: the time gap between two consecutive VoIP packets should be less than 100 ms (0.1 second). Usually, VoIP packets are configured as high priority by QoS, so they sit at the very front of a queue. A long waiting time has a big impact on VoIP traffic.

If the 1-second period is shortened to 0.25 second and only 0.5 Mbits are allowed to be transmitted in every period, the bandwidth is still limited to 2 Mbits per second, but the waiting time between packets is decreased.

[Figure: bandwidth management]

Bucket and Token Algorithm

The Bucket and Token Algorithm is used to explain Bandwidth Management. In the Bucket and Token Algorithm, an interface must discard one token from the bucket for every bit it transmits. If no tokens remain in the bucket, transmission is not allowed. Every Time Interval Tc, a number of tokens equal to the Committed Burst Bc is replenished to the bucket. In the above example, the system replenishes 500,000 tokens to the bucket every 0.25 second. Since the capacity of the bucket is also equal to the Committed Burst Bc and all excess tokens are discarded, the transmission speed will never exceed the limit.

[Figure: bandwidth management]

If the CIR is 2 Mbps and we choose 500,000 bits as the Committed Burst Bc, the Time Interval Tc can be calculated easily with the following formula, and the result is 0.25 second. In other words, there will be 4 cycles to replenish the tokens in every second.

Tc = Bc / CIR

The value of Bc can be tuned. The previous example shows that a large Bc makes the period too long, so the transmission delay increases. So how about a small Bc? Now we use a 10 Mbps interface speed and a 1 Mbps CIR to transmit a 1,500-Byte (12,000-bit) packet as an example. We are going to calculate the transmission time for different Bc values.

1. If Bc = 900, Tc = 900/1,000,000 = 0.0009 second.
2. Dividing the packet size of 12,000 by 900 shows that the transmission takes more than 13 cycles.
3. The transmission time of 13 cycles equals 13 x 0.0009 = 0.0117 second. In 0.0117 second, 900 bits are transmitted per cycle, so a total of 11,700 bits have been transmitted. The remaining 300 bits will be transmitted in the next cycle.
4. In the 14th cycle, the interface uses the speed of 10 Mbps to transmit the remaining 300 bits: 300/10,000,000 = 0.00003 second.
5. So the total transmission time is 0.0117 + 0.00003 = 0.01173 second. It is also called the lead time.

For different Bc values, the lead time can be summarized and shown in the following chart. As you can see in the chart, the lead time can differ greatly depending on the value of Bc. When Bc reaches the packet size (12,000 bits), the lead time is minimized. It is a good choice to set Bc equal to the packet size. But the packet size varies in a real network environment, so we need to know the majority types and the importance of the packets. For example, if most traffic is VoIP packets, then Bc can be set to the payload size of RTP, say 160 Bytes when using G711. If most traffic is large file transfers, then the Maximum Transmission Unit (MTU) of 1,500 Bytes will be a good choice.

[Figure: bandwidth management]
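The five-step calculation above, generalized to any Bc, as an added example (not code from the original article). It assumes the bucket starts with Bc tokens and that the interface speed is higher than the CIR; the Bc candidates other than 900 and 12,000 are chosen for illustration.

```python
from fractions import Fraction
from math import ceil

def lead_time(packet_bits, bc, cir, line_rate):
    """Seconds needed to put one packet on the wire through a shaper.

    Model used in the five steps above: the bucket starts with Bc tokens,
    each full cycle of Tc = Bc / CIR releases Bc bits, and the final
    (possibly partial) chunk is clocked out at the interface speed.
    """
    tc = Fraction(bc, cir)                     # Tc = Bc / CIR
    cycles = ceil(Fraction(packet_bits, bc))   # cycles touched by the packet
    last_chunk = packet_bits - (cycles - 1) * bc
    return (cycles - 1) * tc + Fraction(last_chunk, line_rate)

def lead_time_table(packet_bits, cir, line_rate, bc_values):
    """(Bc, Tc in ms, lead time in ms) for each candidate Bc."""
    rows = []
    for bc in bc_values:
        rows.append((bc,
                     float(Fraction(bc, cir) * 1000),
                     float(lead_time(packet_bits, bc, cir, line_rate) * 1000)))
    return rows

if __name__ == "__main__":
    # Article values: 10 Mbps interface, 1 Mbps CIR, 12,000-bit packet.
    candidates = [900, 1_280, 3_000, 6_000, 12_000, 24_000]
    for bc, tc_ms, lead_ms in lead_time_table(12_000, 1_000_000,
                                              10_000_000, candidates):
        print(f"Bc={bc:>6} bits  Tc={tc_ms:7.3f} ms  lead time={lead_ms:7.3f} ms")
```

A Bc larger than the packet (24,000 bits here) gives the same lead time as Bc = 12,000, because the whole packet already leaves in the first cycle.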

Traffic Shaping

If you are comfortable with the above theory, I will start talking about Traffic Shaping. The word shaping means that when the transmission speed is higher than the CIR, the packets are buffered and wait for future transmission. By using shaping, the bandwidth is used efficiently. In the following diagram, we can see that the traffic after shaping becomes flat and smooth.

[Figure: bandwidth management]

Class-based Shaping

Let us try a basic shaping setting.

Step 1: Configure the policy map. The keyword class-default means all unclassified traffic. Since QoS classification is not set in this example, all traffic will be controlled by one shaping configuration. Of course we can apply different shaping to different traffic classes, but we seldom do this because the bandwidth of each traffic class is already controlled by CBWFQ and LLQ. I will talk about classification and QoS settings in a QoS article that will be written in the future.

Please use average (explained later) for the first parameter of the shape command. The second one is the CIR. The third one is the Committed Burst Bc. And please use 0 for the last parameter (explained later).

R2(config)#policy-map SHAPE-TO-1M
R2(config-pmap)#class class-default
R2(config-pmap-c)#shape average 1m 12000 0

Step 2: Apply the policy map to the outgoing interface.

R2(config)#int ethernet 1/1
R2(config-if)#service-policy output SHAPE-TO-1M

Use the show policy-map interface command to check the result.

R2#show policy-map interface ethernet 1/1
 Ethernet1/1 

  Service-policy output: SHAPE-TO-1M

    Class-map: class-default (match-any)  
      7944 packets, 7651699 bytes
      5 minute offered rate 20000 bps, drop rate 0000 bps
      Match: any 
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/2/0
      (pkts output/bytes output) 7944/7651699
      shape (average) cir 1000000, bc 12000, be 0
      target shape rate 1000000

Committed Burst and Excess Burst

After the shaping configuration, you think it is time for coffee, but your ISP account manager calls and introduces a new plan. You may now pay a little bit more to make your bandwidth burstable above the CIR. What does it mean? Actually, the infrastructure of the ISP is serving a number of customers who all have their own CIR. But the ISP knows that not all customers use bandwidth up to their CIR at the same time. So it has some room to sell the remaining bandwidth as over-subscription. For example, in addition to the 1 Mbps guaranteed bandwidth, you may now use an extra non-guaranteed 0.5 Mbps of bandwidth. Non-guaranteed means that the traffic can only be delivered when there is no congestion in the ISP infrastructure. So how do we modify the shaping setting?

Look at the bucket diagram again; the original setting is on the left-hand side. If extra bandwidth is going to be used, we can increase the size of the bucket so that it can contain more tokens. Please note that the speed of replenishment is not changed. When the traffic is small, tokens are not used up in each cycle, so they are stored in the bucket and finally reach Bc + Be. If Be is set to 6,000, 12,000 + 6,000 tokens may be used in the same period. At this moment, the theoretical bandwidth reaches 18,000/0.012 = 1.5 Mbps. But the average bandwidth does not change because the speed of token replenishment remains unchanged. You may think of it as bandwidth that is stored while it is not used and released in a burst when necessary.

[Figure: bandwidth management]

The command for modifying Be:

R2(config)#policy-map SHAPE-TO-1M
R2(config-pmap)#class class-default
R2(config-pmap-c)#shape average 1m 12000 6000
R2#show policy-map interface ethernet 1/1
 Ethernet1/1 

  Service-policy output: SHAPE-TO-1M

    Class-map: class-default (match-any)  
      16123 packets, 15515474 bytes
      5 minute offered rate 19000 bps, drop rate 0000 bps
      Match: any 
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/4/0
      (pkts output/bytes output) 16123/15515474
      shape (average) cir 1000000, bc 12000, be 6000
      target shape rate 1000000

PIR (Peak Information Rate)

We can also increase the speed of replenishment in order to use extra bandwidth. Change the keyword average to peak in the shape command, and the number of tokens replenished in each Tc becomes Bc + Be. Since Tc keeps its original value, the transmission speed increases; this speed is also called the PIR (Peak Information Rate).

[Figure: bandwidth management]

The setting looks like this:

R2(config)#policy-map SHAPE-TO-1M
R2(config-pmap)#class class-default
R2(config-pmap-c)#shape peak 1m 12000 6000
R2#show policy-map interface ethernet 1/1
 Ethernet1/1 

  Service-policy output: SHAPE-TO-1M

    Class-map: class-default (match-any)  
      19117 packets, 18386110 bytes
      5 minute offered rate 19000 bps, drop rate 0000 bps
      Match: any 
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/4/0
      (pkts output/bytes output) 19117/18386110
      shape (peak) cir 1000000, bc 12000, be 6000
      target shape rate 1500000

Network administrators should remember that the ISP only guarantees delivery of traffic that is under the CIR, and may drop or delay traffic that exceeds the CIR. Please consider this before choosing the above methods.
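The burst behaviour described in the Committed Burst and Excess Burst and PIR sections can be checked with a small interval-by-interval simulation. This is an added example, not the article's or Cisco's code; it works in bits rather than whole packets, assumes an unlimited queue and a bucket that starts with Bc tokens, and assumes that in peak mode the bucket capacity is also Bc + Be.

```python
def shape(offered_bits, bc, be=0, peak=False):
    """Simulate a token-bucket shaper one Tc interval at a time.

    offered_bits[i] is the traffic (in bits) arriving at the start of
    interval i. Returns the bits released in each interval; anything not
    released waits in the queue (assumed unlimited here).
    Assumptions: the bucket starts with Bc tokens, its capacity is Bc + Be,
    and 'peak' adds Bc + Be tokens per interval instead of Bc.
    """
    capacity = bc + be
    refill = bc + be if peak else bc
    tokens, queue, sent = bc, 0, []
    for i, arriving in enumerate(offered_bits):
        if i > 0:
            tokens = min(capacity, tokens + refill)  # excess tokens are discarded
        queue += arriving
        out = min(queue, tokens)                     # one token per transmitted bit
        tokens -= out
        queue -= out
        sent.append(out)
    return sent

def rate_bps(bits_per_interval, bc, cir):
    """Convert bits released in one Tc (= Bc / CIR) into bits per second."""
    return bits_per_interval * cir // bc

# Constructed load: two idle intervals, then a 60,000-bit burst.
OFFERED = [0, 0, 60_000, 0, 0, 0, 0]

if __name__ == "__main__":
    for label, kwargs in [("shape average 1m 12000 0", dict(be=0)),
                          ("shape average 1m 12000 6000", dict(be=6_000)),
                          ("shape peak 1m 12000 6000", dict(be=6_000, peak=True))]:
        sent = shape(OFFERED, 12_000, **kwargs)
        print(f"{label:28} {sent}  max {rate_bps(max(sent), 12_000, 1_000_000)} bps")
```

With Be = 6,000 in average mode only the first interval after the idle period reaches 18,000 bits, while peak mode sustains 18,000 bits per Tc, which matches the target shape rate of 1500000 in the output above.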

queue-limit

When talking about shaping at the beginning, we said that the packets will be stored in a buffer. The buffer is also called the queue-limit. The size of the queue-limit can be modified. If the queue-limit is full, tail drop occurs: all packets that cannot enter the queue because it is full will be dropped unless WRED is used. WRED is another QoS topic that I will explain in the QoS article later. To modify the queue-limit, use the following command:

R2(config-pmap-c)#queue-limit 200
R2#show policy-map interface ethernet 1/1
 Ethernet1/1 

  Service-policy output: SHAPE-TO-1M

    Class-map: class-default (match-any)  
      27918 packets, 26846162 bytes
      5 minute offered rate 20000 bps, drop rate 0000 bps
      Match: any 
      Queueing
      queue limit 200 packets
      (queue depth/total drops/no-buffer drops) 0/4/0
      (pkts output/bytes output) 27918/26846162
      shape (peak) cir 1000000, bc 12000, be 6000
      target shape rate 1500000

The unit of queue-limit can be Bytes or time (ms or us). If time is used, the system calculates the size in Bytes by using [CIR x Time]. This is very useful, for example, when live video is the main traffic in the network. If the video stream is delayed for 1 second, it may be meaningless to the client, so we may set the queue-limit to 1000ms so that packets delayed by more than 1 second are not able to enter the queue and are dropped. This reserves space for future payload packets.

R2(config-pmap-c)#queue-limit 1000 ms
R2#show policy-map interface ethernet 1/1
 Ethernet1/1 

  Service-policy output: SHAPE-TO-1M

    Class-map: class-default (match-any)  
      30041 packets, 28890083 bytes
      5 minute offered rate 20000 bps, drop rate 0000 bps
      Match: any 
      Queueing
      queue limit 1000 ms/ 125000 bytes
      (queue depth/total drops/no-buffer drops) 0/4/0
      (pkts output/bytes output) 30041/28890083
      shape (peak) cir 1000000, bc 12000, be 6000
      target shape rate 1500000

A small queue-limit size may trigger unnecessary QoS Congestion Management (will be explained in the QoS article). Conversely, a large queue-limit size makes packets wait in the queue for a long time, so packet delay occurs.

Traffic Policing

Now we change our role and pretend to be a network administrator at the ISP. Although we have already told our customers the CIR or PIR, they may not configure their bandwidth management as expected and may push their traffic to our side. Shaping is not a solution for the ISP in this scenario since the traffic has already been sent to the ISP. What we should do is use Traffic Policing to decide how to treat the packets. Send, drop or another action? Traffic Policing uses the Bucket and Token Algorithm like Traffic Shaping. The difference is that policing uses bytes as the token unit, not bits. Also, policing does not buffer traffic but only decides how to handle each packet based on the policy, also called the color. There are three types of traffic policing: Single-rate Two-color Policer, Single-rate Three-color Policer and Two-rate Three-color Policer (or Dual-rate Three-color Policer).

Single-rate Two-color Policer

Based on whether there are sufficient tokens in the Bc bucket, the policer executes the Green Action (Conform Action) or the Red Action (Exceed Action). The action can be configured, and the options are transmit, drop or remark.

[Figure: bandwidth management]

The following policing configuration sets the CIR to 1 Mbps and Bc to 1500 Bytes. The conform action is transmit and the exceed action is drop. With this configuration, packets sent by customers that exceed the CIR will be dropped.

R3(config)#policy-map ONE-RATE-TWO-COLOR
R3(config-pmap)#class class-default
R3(config-pmap-c)#police cir 1000000 bc 1500
R3(config-pmap-c-police)#conform-action transmit 
R3(config-pmap-c-police)#exceed-action drop
R3(config-pmap-c-police)#exit
R3(config-pmap-c)#exit
R3(config-pmap)#exit
R3(config)#int ethernet 1/0
R3(config-if)#service-policy input ONE-RATE-TWO-COLOR
R3#show policy-map interface ethernet 1/0
 Ethernet1/0 

  Service-policy input: ONE-RATE-TWO-COLOR

    Class-map: class-default (match-any)  
      42 packets, 41468 bytes
      5 minute offered rate 1000 bps, drop rate 1000 bps
      Match: any 
      police:
          cir 1000000 bps, bc 1500 bytes
        conformed 27 packets, 18758 bytes; actions:
          transmit 
        exceeded 15 packets, 22710 bytes; actions:
          drop 
        conformed 1000 bps, exceeded 1000 bps

Single-rate Three-color Policer

Add a Be bucket, and any tokens that overflow from the Bc bucket will be moved to the Be bucket. The policer checks whether there are sufficient tokens in both buckets to decide between the Green Action (Conform Action), Yellow Action (Exceed Action) and Red Action (Violate Action). The difference between Single-rate Three-color and Single-rate Two-color is that Three-color accepts exceeding traffic, for example by remarking and transmitting it.

[Figure: bandwidth management]

The policing configuration below adds the Be parameter to make it Single-rate Three-color. The exceed action is set to set-dscp-transmit af23 to change the DSCP of the packet before it is sent. (DSCP theory will be discussed in the QoS article.)

R3(config)#policy-map ONE-RATE-THREE-COLOR
R3(config-pmap)#class class-default
R3(config-pmap-c)#police cir 1000000 bc 1500 be 1500
R3(config-pmap-c-police)#conform-action transmit 
R3(config-pmap-c-police)#exceed-action set-dscp-transmit af23 
R3(config-pmap-c-police)#violate-action drop
R3(config-pmap-c-police)#exit
R3(config-pmap-c)#exit
R3(config-pmap)#exit
R3(config)#int ethernet 1/0
R3(config-if)#service-policy input ONE-RATE-THREE-COLOR 
R3#show policy-map interface ethernet 1/0
 Ethernet1/0 

  Service-policy input: ONE-RATE-THREE-COLOR

    Class-map: class-default (match-any)  
      21 packets, 21446 bytes
      5 minute offered rate 1000 bps, drop rate 1000 bps
      Match: any 
      police:
          cir 1000000 bps, bc 1500 bytes, be 1500 bytes
        conformed 13 packets, 9334 bytes; actions:
          transmit 
        exceeded 0 packets, 0 bytes; actions:
          set-dscp-transmit af23
        violated 8 packets, 12112 bytes; actions:
          drop 
        conformed 1000 bps, exceeded 0000 bps, violated 1000 bps

Two-rate Three-color Policer

Compared to Single-rate Three-color, Two-rate Three-color replenishes the Be bucket at the PIR instead of drawing from the Bc bucket. Traffic that exceeds the CIR is easily detected and the predefined action is taken.

[Figure: bandwidth management]

The following configuration contains the PIR parameter to implement Two-rate Three-color Policing.

R3(config)#policy-map TWO-RATE-THREE-COLOR
R3(config-pmap)#class class-default
R3(config-pmap-c)#police cir 1000000 bc 1500 pir 1500000 be 1500
R3(config-pmap-c-police)#conform-action transmit 
R3(config-pmap-c-police)#exceed-action set-dscp-transmit af23 
R3(config-pmap-c-police)#violate-action drop
R3(config-pmap-c-police)#exit
R3(config-pmap-c)#exit
R3(config-pmap)#exit
R3(config)#int ethernet 1/0
R3(config-if)#service-policy input TWO-RATE-THREE-COLOR 
R3#show policy-map interface ethernet 1/0
 Ethernet1/0 

  Service-policy input: TWO-RATE-THREE-COLOR

    Class-map: class-default (match-any)  
      83 packets, 84250 bytes
      5 minute offered rate 3000 bps, drop rate 3000 bps
      Match: any 
      police:
          cir 1000000 bps, bc 1500 bytes
          pir 1500000 bps, be 1500 bytes
        conformed 51 packets, 35802 bytes; actions:
          transmit 
        exceeded 0 packets, 0 bytes; actions:
          set-dscp-transmit af23
        violated 32 packets, 48448 bytes; actions:
          drop 
        conformed 3000 bps, exceeded 0000 bps, violated 3000 bps
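
The three policers described above, modelled side by side on the same constructed burst. This is an added example, not the article's code and not IOS internals: it follows the article's bucket descriptions using the color-blind algorithms of RFC 2697 (single-rate) and RFC 2698 (two-rate), and assumes both buckets start full; the packet timings and sizes are constructed.

```python
from fractions import Fraction

class Policer:
    """Color-blind policer model; tokens are bytes, rates are bits per second.

    pir=None           -> single-rate (Be bucket fed by overflow from Bc)
    pir=<rate>         -> two-rate (Be bucket fed independently at PIR)
    be=0 and pir=None  -> two-color (no violate action)
    """
    def __init__(self, cir, bc, be=0, pir=None):
        self.cir, self.bc, self.be, self.pir = cir, bc, be, pir
        self.tc, self.te = Fraction(bc), Fraction(be)  # assumption: buckets start full
        self.last_ms = 0

    def _refill(self, now_ms):
        dt = Fraction(now_ms - self.last_ms, 1000)      # seconds since last packet
        self.last_ms = now_ms
        self.tc += dt * self.cir / 8                    # bits/s -> bytes
        spill = max(self.tc - self.bc, 0)
        self.tc -= spill
        if self.pir is None:
            self.te = min(self.te + spill, self.be)     # overflow moves to Be
        else:
            self.te = min(self.te + dt * self.pir / 8, self.be)

    def color(self, now_ms, size):
        self._refill(now_ms)
        if self.pir is not None:                        # two-rate three-color
            if self.te < size:
                return "violate"
            self.te -= size
            if self.tc < size:
                return "exceed"
            self.tc -= size
            return "conform"
        if self.tc >= size:                             # single-rate
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate" if self.be else "exceed"

def police(policer, packets):
    """Return the action name chosen for each (arrival_ms, size_bytes) packet."""
    return [policer.color(t, size) for t, size in packets]

# Constructed traffic: six 750-byte packets back to back, then two stragglers.
PACKETS = [(0, 750)] * 6 + [(6, 750), (8, 750)]

if __name__ == "__main__":
    for name, p in [("ONE-RATE-TWO-COLOR", Policer(1_000_000, 1500)),
                    ("ONE-RATE-THREE-COLOR", Policer(1_000_000, 1500, be=1500)),
                    ("TWO-RATE-THREE-COLOR", Policer(1_000_000, 1500, be=1500, pir=1_500_000))]:
        print(f"{name:21}", police(p, PACKETS))
```

In this model the single-rate policer marks the start of a burst as exceed once Bc is empty, while the two-rate policer only returns exceed when traffic arrives faster than the CIR but within the PIR, as the last packet does.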