Control Plane Policing (CPP)

Most traffic travels through the router via the data plane, but the route processor (RP) must handle some things itself, such as routing updates and network management traffic. Control Plane Policing (CPP, or CoPP in the 6500 implementation) provides a dedicated control-plane interface that can be configured with MQC to provide filtering and policing.

Router>en
Router#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int f1/0
R2(config-if)#ip add 10.1.12.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#
R2(config)#do ping 10.1.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/58/116 ms
R2(config)#
R2(config)#ip access-list ex 101
R2(config-ext-nacl)#permit icmp any any
R2(config-ext-nacl)#exit
R2(config)#class-map ICMP
R2(config-cmap)#ma access-group 101
R2(config-cmap)#exit
R2(config)#policy-map TEST
R2(config-pmap)#class ICMP
R2(config-pmap-c)#drop
R2(config-pmap-c)#exit
R2(config-pmap)#control-plane
R2(config-cp)#?
Control Plane configuration commands:
  exit            Exit from control-plane configuration mode
  no              Negate or set default values of a command
  service-policy  Configure QOS Service Policy
R2(config-cp)#service-policy in TEST
*Feb 28 00:53:03.359: %CP-5-FEATURE: Control-plane Policing feature enabled on Control plane aggregate path
R2(config-cp)#do show policy-map
  Policy Map TEST
    Class ICMP
      drop
R2(config-cp)#no service-policy in TEST
R2(config-cp)#do deb ip icmp
ICMP packet debugging is on
R2(config-cp)#
*Feb 28 00:53:47.287: ICMP: echo reply sent, src 10.1.12.2, dst 10.1.12.1
*Feb 28 00:53:47.351: ICMP: echo reply sent, src 10.1.12.2, dst 10.1.12.1
*Feb 28 00:53:47.403: ICMP: echo reply sent, src 10.1.12.2, dst 10.1.12.1
*Feb 28 00:53:47.411: ICMP: echo reply sent, src 10.1.12.2, dst 10.1.12.1
*Feb 28 00:53:47.419: ICMP: echo reply sent, src 10.1.12.2, dst 10.1.12.1
R2(config-cp)#
R2(config-cp)#control-plane
R2(config-cp)#service-policy in TEST
R2(config-cp)#
*Feb 28 00:53:56.139: %CP-5-FEATURE: Control-plane Policing feature enabled on Control plane aggregate path
R2(config-cp)#
R2(config-cp)#do deb ip packet
IP packet debugging is on
R2(config)#do show policy-map control-plane all
 Control Plane

  Service-policy input: TEST

    Class-map: ICMP (match-all)
      15 packets, 1710 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      drop

    Class-map: class-default (match-any)
      14 packets, 1420 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

So ICMP was silently dropped.
You can use this amazing feature to limit, for example, SYNs destined to the RP. Just a thought.
Victor.-


A Networker Blog


Should we wait for the BECN?

Adaptive shaping could only be configured to shape traffic rates when Frame Relay congestion notifications were received (BECN, or fecn-adapt with a Q.922 test frame). As a result, delay-sensitive traffic could experience more delay or simply get dropped while the router waits for the signal before slowing down to the adaptive rate.

We all recall from our CCNA studies that in-band congestion signals [like FECNs, BECNs (and DE) in the Q.922 header] were set by the Frame Relay switch to notify end devices that they should start their configured congestion avoidance procedures. Recall that if a router receives any BECN during a TC interval, the router decreases the transmit rate by 25%, and it continues to decrement with each BECN (limited to TC intervals) until the traffic rate hits the configured adaptive (minCIR) rate. After the rate has decreased, the router waits for 16 TC intervals with no BECN received before it starts increasing the rate by (Be + Bc)/16 per TC interval.

Cisco then created the Frame Relay Voice-Adaptive Traffic Shaping (FR-VATS) feature. FR-VATS just monitors the LLQ queue for traffic, and the concept is really simple: when there is traffic in this priority queue, FR-VATS shapes the other, non-priority classes to the minCIR, leaving the traffic in the priority class to be inserted directly into the dual-FIFO high-priority queue, just before the TX ring. Other features such as fragmentation and interleaving can be configured to work in conjunction with VATS. Similarly, if there is no traffic in the LLQ queue for a configurable deactivation time (30 sec by default), the FR-VATS shaper resumes shaping to CIR (not the minCIR). In other words, no more shapers working at night for the bulk traffic class 🙂

A sample configuration could be:

R2(config)#class-map PREC5
R2(config-cmap)#ma ip prec 5
R2(config-cmap)#exit
R2(config)# class-map PREC0
R2(config-cmap)#ma ip prec 0
R2(config-cmap)#ma access-gr 106
R2(config-cmap)#do show ip access-list
Extended IP access list 106
    10 permit icmp any any (6141842 matches)
R2(config-cmap)#
R2(config-cmap)#policy-map VATS
R2(config-pmap)#class PREC5
R2(config-pmap-c)#priority 10
R2(config-pmap-c)#exit
R2(config-pmap)#class PREC0
R2(config-pmap-c)#band 10
R2(config-pmap-c)#exit
R2(config-pmap)#exit
R2(config)#policy-map SHAPPER
R2(config-pmap)#class class-default
R2(config-pmap-c)#shape average 128000 1005
R2(config-pmap-c)#shape adaptive 10050
R2(config-pmap-c)#shape fr-voice-adapt deactivation 30
R2(config-pmap-c)#service-policy VATS
R2(config-pmap-c)#exit
R2(config-pmap)#map-class frame-relay BINDINGS
R2(config-map-class)#service-policy out SHAPPER
R2(config-map-class)#exit
R2(config)#int s0/1
R2(config-if)#frame-relay fragmentation voice-adaptive deactivation 30
R2(config-if)#frame-relay fragment 80 end-to-end
R2(config-if)#frame-relay interface-dlci 666
R2(config-fr-dlci)#class BINDINGS

Note: end-to-end fragmentation is configured on the interface and not in the class map (no difference at all).

In summary, the VATS feature is triggered automatically, throttling back from CIR to minCIR for the non-priority traffic when packets enter the LLQ queue.

Traffic shaping the 2 Methods.

Traffic shaping allows you to control outgoing traffic on an interface to match the speed of transmission to the speed of the remote interface, and to ensure that the traffic conforms to administrative QoS policies. You can shape traffic adhering to a particular profile to meet downstream requirements, thereby eliminating bottlenecks due to data-rate mismatches.

OK, so we have the following stream going:

R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 779000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 651000 bps

We can tell from here that R3 is sending 760.742188 Kbps of ICMP traffic out to R4. Now let's test the 2 different traffic shaping methods, using class-based shaping.

1st method

R2#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#access-list 106 permit icmp any any
R2(config)# class-map match-all ICMP
R2(config-cmap)#  match access-group 106
R2(config-cmap)#exit
R2(config)#policy-map ICMP
R2(config-pmap)#class ICMP
R2(config-pmap-c)#exit
R2(config-pmap)#int s0/1
R2(config-if)#service-po out ICMP
R2(config-if)#do show policy-map int s0/0 | in Class|rate
    Class-map: ICMP (match-all)
      30 second offered rate 35000 bps
    Class-map: class-default (match-any)
      30 second offered rate 90000 bps, drop rate 0 bps

If we wait for a period of time until the counters are refreshed:

R2(config-if)#do show policy-map int s0/0 | in Class|rate
    Class-map: ICMP (match-all)
      30 second offered rate 125000 bps
    Class-map: class-default (match-any)
      30 second offered rate 1000 bps, drop rate 0 bp

Now let's test shaping to the configured average rate. With this shaping method, the shaper forwards up to a committed burst (BC) of traffic at every committed time window (TC) interval, with additional bursting capability when enough tokens have accumulated in the bucket.

In other words, BC tokens are added to the token bucket at every TC time interval.

The configuration for shape average is:

R2(config-pmap-c)#shape average ?
    Target Bit Rate (bits per second), the value needs to be
                    multiple of 8000
  percent           % of interface bandwidth for Committed information rate

Back to the router:

R2(config-if)# policy-map ICMP
R2(config-pmap)#  class ICMP
R2(config-pmap-c)#shape average 8000
R2(config)#do show policy-map int s0/1
 Serial0/1 

  Service-policy output: ICMP

    Class-map: ICMP (match-all)
      684 packets, 960336 bytes
      30 second offered rate 35000 bps, drop rate 30000 bps
      Match: access-group 106
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
             8000/8000      2000   8000      8000      1000      1000     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      10        9         12636     7         9828      yes

    Class-map: class-default (match-any)
      1 packets, 84 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any

After this configuration was applied to the interface pointing to R3, we get the following at R3:

R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 45000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 21000 bps
R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 36000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 14000 bps
R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 36000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 14000 bps
R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 36000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 14000 bps
R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 30000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 9000 bps
R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 30000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 9000 bps
R3#

We can determine that the traffic is now “slowing down”.

After the counters had been refreshed on R3:

@R2

R2(config)#do show policy-map int s0/1
 Serial0/1 

  Service-policy output: ICMP

    Class-map: ICMP (match-all)
      15106 packets, 21208824 bytes
      30 second offered rate 729000 bps, drop rate 75520000 bps
      Match: access-group 106
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
             8000/8000      2000   8000      8000      1000      1000     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      64        93        130572    91        127764    yes

    Class-map: class-default (match-any)
      42 packets, 4216 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any
R2(config)#

@R3

R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 19000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 0 bps

=============================================1=
=                      19.000 bits per second = 18.5546875 Kbps                     =
===============================================

2nd Method.

Now for the second method. Shaping to the peak rate means that BC + BE of traffic is sent at every TC time interval: BC + BE tokens are added to the token bucket at every TC time interval.

The formula related to this method is Peak Rate = Average Rate * (1 + Be/Bc)

The same test as in the first method but now for the following configuration:

The configuration for Shape to Peak:

R2(config-pmap-c)#shape peak ?
    Target Bit Rate (bits per second), the value needs to be
                    multiple of 8000
  percent           % of interface bandwidth for Committed information rate

Back at the router:

R2(config)# policy-map ICMP
R2(config-pmap)#  class ICMP
R2(config-pmap-c)#no   shape average 8000
R2(config-pmap-c)#shape peak 8000
R2(config-pmap-c)#do show policy-map int s0/1
 Serial0/1 

  Service-policy output: ICMP

    Class-map: ICMP (match-all)
      27783 packets, 39007332 bytes
      30 second offered rate 730000 bps, drop rate -2126850296 bps
      Match: access-group 106
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
            16000/8000      2000   8000      8000      1000      2000     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      64        12        16848     10        14040     yes

    Class-map: class-default (match-any)
      73 packets, 7237 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any
R2(config-pmap-c)#

After the counters were refreshed on R3, we can see that we now have:

R3#show policy-map interface s0/0 | in rate|Class
    Class-map: ICMP (match-all)
      30 second offered rate 38000 bps
    Class-map: class-default (match-any)
      30 second offered rate 0 bps, drop rate 8000 bps

=============================================2=
=                    38.000 bits per second = 37.109375 Kbps                          =
===============================================
As expected. You can do your math here: Be = 8000, Bc = 8000, Average Rate = 8000.

In summary, class-based shaping can shape to the configured average rate or to the peak rate, where Peak Rate = Average Rate * (1 + Be/Bc).


Wait… do not hit enter yet

Creating a nonexistent class within the policy-map!

R3#show ver | in IOS
Cisco IOS Software, 7200 Software (C7200-IS-M), Version 12.4(13b), RELEASE SOFTWARE (fc3)

No class map configured

R3#show run class-map
Building configuration...

Current configuration : 6 bytes
end

No policy-map configured

R3#show run policy-map
Building configuration...

Current configuration : 6 bytes
end

R3#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#policy-map MYPM

R3(config-pmap)#class match ?

OK, it seems that we need to hit enter here; it is expecting a class named match =)
But…

R3(config-pmap)#class match access-gr 102

We now have a class-map configured automagically:

R3(config-pmap-c)#do show run class-map

Building configuration...

Current configuration : 60 bytes
!
class-map match-any match
match access-group 102
!
end

R3(config-pmap-c)#

The running configuration now shows the class-map using the match-any strategy.

My QOS & MPLS Notes.

Default Behavior: Penultimate Hop Pop (PHP)

 R7#show mpls for 5.5.5.5 32
 Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
 tag    tag or VC   or Tunnel Id      switched   interface
 16     Untagged    5.5.5.5/32        0          Se0/0/0.57 point2point

Behavior with Ultimate Hop Popping (UHP)

R5(config)#mpls ldp explicit-null !this is how you enable UHP

R7#show mpls for 5.5.5.5 32
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     0          5.5.5.5/32        0          Se0/0/0.57 point2point

UHP, in other words explicit-null: instead of advertising a pop, we send a label (0, for both LDP/TDP).

Cisco.com Reference URL: In some cases (for example, a plain non-VPN MPLS network), the PHP action on the final P router can expose a plain IP packet when a packet with only one label is received. When this IP packet is received by the egress LSR (PE), it is not possible to classify the packet based on the MPLS EXP bits because there is no label now. In these situations, you must configure the egress PE router to advertise an explicit-null label. When the PHP (I guess that they mean a SWAP operation because of UHP in the P) action is performed on the P router, a label with a value of zero is sent, and with this special label you can mark the EXP bits as normally labeled packets, allowing the correct classification on the egress PE router.

Disposition Condition Table

Default disposition behavior: the EXP value of the top-most label is not copied as the IP Precedence value of the IP packet.
Uniform mode: the MPLS EXP value is copied down in the label stack.
Pipe mode: similar to Uniform mode, but at the disposition of the label, the EXP of the label is not copied to the packet TOS. The egress LSR does not maintain a copy of the ingress labeled packet’s EXP value in the qos-group variable (used internally in order to be able to classify EXP and give a PHB to IP).
Short Pipe mode:
Short Pipe
Long pipe (CSC)
Long Pipe

General QOS Configuration Guide

MPLS TOPMOST & IMPOSITION in QOS when Labels are received

MPLS: Se0/0/0.79: recvd: CoS=5, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=5, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=2, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=2, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=2, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=5, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=3, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=2, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=3, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=4, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=3, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=5, TTL=253, Label(s)=17

MPLS TOPMOST & IMPOSITION in QOS when Packets are received

MPLS: Se0/0/0.79: recvd: CoS=5, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=5, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=3, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=5, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=3, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=2, TTL=253, Label(s)=17

MPLS: Se0/0/0.79: recvd: CoS=3, TTL=254, Label(s)=16/17

MPLS: Se0/0/0.89: xmit: CoS=2, TTL=253, Label(s)=17

ConfExamples: coming soon.

Notes: based on RFC 3270, and Cisco DiffServ Tunneling Modes for MPLS Networks

A Networker Blog

RFC 2698 Implemented

http://www.ietf.org/rfc/rfc2698.txt

The Two Rate Three Color Marker (trTCM) meters an IP packet stream and marks its packets either green, yellow, or red.
A packet is marked red if it exceeds the Peak Information Rate (PIR). Otherwise it is marked either yellow or green depending on whether it exceeds or doesn't exceed the Committed Information Rate (CIR).

The Meter operates in one of two modes.

In the Color-Blind mode, the Meter assumes that the packet stream is uncolored.

In the Color-Aware mode the Meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red.

Router(config-pmap-c-police)#?
QoS Class Police configuration commands:
conform-action action when rate is less than conform burst
exceed-action action when rate is within conform and conform + exceed burst
exit Exit from Police configuration mode
no Negate or set default values of a command
violate-action action when rate is greater than conform + exceed burst

The trTCM is configured by setting its mode and by assigning values to four traffic parameters:

· Peak Information Rate (PIR)
· Peak Burst Size (PBS)
· Committed Information Rate (CIR)
· Committed Burst Size (CBS).

Router(config)#policy-map POLICER
Router(config-pmap)#class class-default
Router(config-pmap-c)#police ?
<8000-2000000000> Bits per second
cir Committed information rate
rate Specify police rate

Router(config-pmap-c)#police cir ?
<8000-2000000000> Bits per second
percent % of interface bandwidth for Committed information rate

Router(config-pmap-c)#police cir 8000 ?
<1000-512000000> Burst bytes
bc Conform burst
conform-action action when rate is less than conform burst
pir Peak Information Rate
<cr>

Router(config-pmap-c)#police cir 8000 bc ?
<1000-512000000> Burst bytes
conform-action action when rate is less than conform burst
pir Peak Information Rate
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 ?
<1000-512000000> Burst bytes
be Excess burst
conform-action action when rate is less than conform burst
pir Peak Information Rate
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 pir ?
<8000-2000000000> Bits per second

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 ?
be Excess burst
conform-action action when rate is less than conform burst
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 be ?
<1000-512000000> Burst bytes

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 be 8000 ?
conform-action action when rate is less than conform burst
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 be 8000

The PIR and CIR are measured in bytes of IP packets per second, i.e., they include the IP header, but not link-specific headers. The PIR must be equal to or greater than the CIR.

Router(config-pmap-c)#police cir 9000 pir 8000
Inconsistent PIR value, should be greater than CIR: 9000

The PBS and the CBS are measured in bytes, and both of them must be configured to be greater than 0.

Router(config-pmap-c)#police cir 9000 bc ?
<1000-512000000> Burst bytes === The min value here is 1000 BYTES

It is recommended that they be configured to be equal to or greater than the size of the largest possible IP packet in the stream.

The behavior of the Meter is specified in terms of its mode and two token buckets, P and C, with rates PIR and CIR, respectively. The maximum size of the token bucket P is PBS and the maximum size of the token bucket C is CBS.

The token buckets P and C are initially (at time 0) full, i.e., the token count Tp(0) = PBS and the token count Tc(0) = CBS.

If Bc and Be are not specified, the default Bc in bytes will be CIR/32 or 1500 bytes, whichever is higher. The default Be in bytes will be PIR/32 or 1500 bytes, whichever is higher.

Router(config-if)#ser in POLICER
Router(config-if)#do show policy-map
Policy Map POLICER
Class class-default
police cir 32000 bc 1500 pir 64000 be 2000
conform-action transmit
exceed-action drop
violate-action drop

or
Router(config-pmap-c-police)#police cir 50000 pir 100000
Router(config-pmap-c-police)#do show policy-map
Policy Map POLICER
Class class-default
police cir 50000 bc 1562 pir 100000 be 3125
conform-action transmit
exceed-action drop
violate-action drop

50000/32 == 1562.5
100000/32 == 3125
So in this case Bucket P has 3125 Bytes and Bucket C has 1562 Bytes in Size

Thereafter, the token count Tp is incremented by one PIR times per second up to PBS, and the token count Tc is incremented by one CIR times per second up to CBS.

When a packet of size B bytes arrives at time t, the following happens if the trTCM is configured to operate in the Color-Blind mode:

A.- If Tp(t)-B < 0, the packet is red

B.- Else if Tc(t)-B < 0, the packet is yellow and Tp is decremented by B

C.- Else the packet is green and both Tp and Tc are decremented by B.

The Marker reflects the metering result by setting the DS field of the packet to a particular codepoint. In the case of the AF PHB, the color can be coded as the drop precedence of the packet.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ft2rtplc.htm#1015363
Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst]

Setting up a Quick Lab, using Dynamips

start "R1" /MIN D:\Dyn\dynamips-wxp.exe -i 1 -t npe-400 -r 128 -t npe-400 -r 128 -p 1:PA-4T+ -p 2:PA-4T+ -p 3:PA-FE-TX -p 4:PA-FE-TX -k 40 --idle-pc=0x608bad8c -A 3001 -s 1:0:udp:1101010:127.0.0.1:1011010 -s 1:1:udp:131112:127.0.0.1:311211 -s 3:0:udp:173001:127.0.0.1:710130 D:\Dyn\C7200-IK.bin

start "R3" /MIN D:\Dyn\dynamips-wxp.exe -i 3 -t npe-400 -r 128 -t npe-400 -r 128 -p 1:PA-4T+ -p 2:PA-4T+ -p 3:PA-FE-TX -p 4:PA-FE-TX -k 40 --idle-pc=0x608bad8c -A 3003 -s 1:0:udp:3101012:127.0.0.1:1031210 -s 1:1:udp:3101113:127.0.0.1:1031311 -s 1:2:udp:311211:127.0.0.1:131112 -s 1:3:udp:321311:127.0.0.1:231113 -s 3:0:udp:473003:127.0.0.1:730330 -s 4:0:udp:384003:127.0.0.1:830340 D:\Dyn\C7200-IK.bin

R1#show ip ospf neigh

Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ – 00:00:37 1.1.13.3 Serial1/1

R1#show ip ospf data

OSPF Router with ID (1.1.13.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.13.1 1.1.13.1 12 0x80000002 0x008DCA 2
3.3.3.3 3.3.3.3 17 0x80000002 0x005AE2 3

R1#show ip route 3.3.3.3
Routing entry for 3.3.3.3/32
Known via “ospf 1”, distance 110, metric 65, type intra area
Last update from 1.1.13.3 on Serial1/1, 00:00:05 ago
Routing Descriptor Blocks:
* 1.1.13.3, from 3.3.3.3, 00:00:05 ago, via Serial1/1
Route metric is 65, traffic share count is 1

R1(config)#class-map ICMP
R1(config-cmap)#ma proto icmp
R1(config-cmap)#exit
R1(config)#policy-map POLICER
R1(config-pmap)#class ICMP
R1(config-pmap-c)#police cir 10000 pir 20000
R1(config-pmap-c-police)#conform-action ?
drop drop packet
set-clp-transmit set atm clp and send it
set-discard-class-transmit set discard-class and send it
set-dscp-transmit set dscp and send it
set-frde-transmit set FR DE and send it
set-mpls-exp-imposition-transmit set exp at tag imposition and send it
set-mpls-exp-topmost-transmit set exp on topmost label and send it
set-prec-transmit rewrite packet precedence and send it
set-qos-transmit set qos-group and send it
transmit transmit packet

This router can remark to DSCP or to IP Precedence; we are using IP Precedence in this example. By default it would drop all traffic falling in the exceed or violate sections.

R1(config-pmap-c-police)#conform-action set-dscp-transmit ?
<0-63> Differentiated services codepoint value
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)

R1(config-pmap-c-police)#conform-action SET-PREc-transmit ?
<0-7> new precedence

R1(config-pmap-c-police)#conform-action set-prec-transmit 1
R1(config-pmap-c-police)#exceed-action set-prec-transmit 2
R1(config-pmap-c-police)#violate-action set-prec-transmit 3
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1(config)#int s01/1
R1(config-if)#ser out POLICER
R1(config-if)#do show policy-map int s1/1
Serial1/1

Service-policy output: POLICER

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
police:
cir 10000 bps, bc 1500 bytes
pir 20000 bps, be 1500 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 1
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
set-prec-transmit 3
conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)
13 packets, 984 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

Ok

R1#ping 3.3.3.3 time 0 size 400 rep 2

Type escape sequence to abort.
Sending 2, 400-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:
..
Success rate is 0 percent (0/2)

We are sending two 400-byte packets at the same time.

R1#show policy-map int s1/1
Serial1/1

Service-policy output: POLICER

Class-map: ICMP (match-all)
2 packets, 808 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
police:
cir 10000 bps, bc 1500 bytes
pir 20000 bps, be 1500 bytes
conformed 2 packets, 808 bytes; actions:
set-prec-transmit 1
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
set-prec-transmit 3
conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)
4 packets, 216 bytes
5 minute offered rate 0 bps, drop rate 0 bps

Match: any
R1#

R1#show policy-map int s1/1 | in actions
conformed 2 packets, 808 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
violated 0 packets, 0 bytes; actions:

From the following link http://www.cisco.com/univercd/illus/6/15/60515.gif

If B > Tp then packets are marked as violating
If B > Tc then packets are marked as exceeding, Tp = Tp – B
Otherwise Tp = Tp – B and Tc = Tc – B, and the packet is marked as conforming

R1#show policy-map int s1/1 | in cir|pir
cir 10000 bps, bc 1500 bytes
pir 20000 bps, be 1500 bytes

So the Tp size is 1500 and the Tc size is 1500 as well.

Let's modify the Tp and Tc sizes a little bit.

R1(config-pmap-c)#class ICMP
R1(config-pmap-c)#police cir 10000 bc 1000 pir 20000 be 2000
R1(config-pmap-c-police)#

R1#show policy-map interface s1/1
Serial1/1

Service-policy output: POLICER

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
police:
cir 10000 bps, bc 1000 bytes
pir 20000 bps, be 2000 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 1
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
set-prec-transmit 3
conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

R1#ping 3.3.3.3 time 0 size 1000 rep 3

Type escape sequence to abort.
Sending 3, 1000-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:

Success rate is 0 percent (0/3)
R1#show policy-map interface s1/1 | in actio
conformed 0 packets, 0 bytes; actions:
exceeded 1 packets, 1004 bytes; actions:
violated 2 packets, 2008 bytes; actions:
R1#!This is because L2 Header 4 Bytes more

R1#clea count
Clear “show interface” counters on all interfaces [confirm]
R1#show policy-map interface s1/1 | in actio
*Dec 22 22:44:25.447: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
R1#show policy-map interface s1/1 | in actio
conformed 0 packets, 0 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
violated 0 packets, 0 bytes; actions:
R1#ping 3.3.3.3 time 0 size 900 rep 3

Type escape sequence to abort.
Sending 3, 900-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:

Success rate is 0 percent (0/3)
R1#show policy-map interface s1/1 | in actio
conformed 1 packets, 904 bytes; actions:
exceeded 1 packets, 904 bytes; actions:
violated 1 packets, 904 bytes; actions:

Three packets (B == 904 bytes) coming in at the same time.

R1#ping 3.3.3.3 time 0 size 996 rep 3

Type escape sequence to abort.
Sending 3, 996-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:

Success rate is 0 percent (0/3)
R1#show policy-map interface s1/1 | in actio
conformed 1 packets, 1000 bytes; actions:
exceeded 1 packets, 1000 bytes; actions:
violated 1 packets, 1000 bytes; actions:

In this case we are sending exactly 1000 bytes (with L2 overhead).
That is, Tc(0) == 1000 and Tp(0) == 2000.

1st packet: 1000 > 2000? No. Then 1000 > 1000? No. Conform
Tc == 0
2nd packet: 1000 > 2000? No. Then 1000 > 0? Yes. Exceed, Tp = 2000 – 1000 = 1000
3rd packet: 1000 > 1000? Yes. Violate
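The color-blind rules A to C replayed over the four ping bursts of this lab, as an added example (not code from the original post or from Cisco). The `TrTcm` class, `LAB_BURSTS` and `replay_lab` are hypothetical names; rates are taken in bits per second as typed on the CLI and converted to bytes of tokens, and the packet sizes are the per-packet byte counts reported by `show policy-map interface`.

```python
class TrTcm:
    """Color-blind two rate three color marker (RFC 2698)."""

    def __init__(self, cir_bps, cbs, pir_bps, pbs):
        if pir_bps < cir_bps:
            raise ValueError("PIR must be equal to or greater than CIR")
        if cbs <= 0 or pbs <= 0:
            raise ValueError("CBS and PBS must be greater than 0")
        # Assumption: rates are bits/s as on the CLI; tokens are bytes.
        self.cir, self.pir = cir_bps / 8, pir_bps / 8
        self.cbs, self.pbs = cbs, pbs
        self.tc, self.tp = float(cbs), float(pbs)  # Tc(0)=CBS, Tp(0)=PBS
        self.last = 0.0

    def meter(self, size, now=0.0):
        """Return the action for a packet of `size` bytes arriving at `now` s."""
        elapsed = max(0.0, now - self.last)
        self.last = max(self.last, now)
        # Refill both buckets for the elapsed time, capped at their sizes.
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp - size < 0:      # rule A: red, no bucket is charged
            return "violate"
        self.tp -= size
        if self.tc - size < 0:      # rule B: yellow, only Tp is charged
            return "exceed"
        self.tc -= size             # rule C: green, both are charged
        return "conform"


# Constructed from the lab above: (bc, be, bytes counted per packet, packets).
LAB_BURSTS = [
    (1500, 1500, 404, 2),
    (1000, 2000, 1004, 3),
    (1000, 2000, 904, 3),
    (1000, 2000, 1000, 3),
]


def replay_lab(cir_bps=10000, pir_bps=20000):
    """Meter each burst at t=0 (ping timeout 0, so no refill between packets)."""
    results = []
    for bc, be, size, count in LAB_BURSTS:
        meter = TrTcm(cir_bps, bc, pir_bps, be)
        results.append([meter.meter(size) for _ in range(count)])
    return results


if __name__ == "__main__":
    for burst, actions in zip(LAB_BURSTS, replay_lab()):
        print(burst, actions)
```

Passing a later `now` to `meter` refills the buckets, which is why the same pings sent with a normal timeout would not be marked the same way as a back-to-back burst.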


Get Shape.

CB Shaping to the average forwards traffic at the average rate (CIR) and can burst up to Be if there are extra tokens available. On the other hand, we also have CB Shaping to the peak, where we forward Bc + Be of traffic at every Tc.

The formula for Peak is Peak Rate = AvgRate * (1+Be/Bc)

Router#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#class-map ICMP
Router(config-cmap)#match protocol icmp
Router(config-cmap)#policy-map sAVERAGE
Router(config-pmap)#class ICMP
Router(config-pmap-c)#shape average 32000
Router(config-pmap-c)#policy-map sPEAK
Router(config-pmap)#
Router(config-pmap)#class ICMP
Router(config-pmap-c)#shape peak 32000
Router(config-pmap-c)#interface Serial1/0
Router(config-if)#service-policy output sAVERAGE
Router(config-if)#interface Serial1/1
Router(config-if)#service-policy output sPEAK

For the shape peak the result should be = 32000 * (1+8000/8000) = 64000 bps

Router#show policy-map int s1/0
Serial1/0

Service-policy output: sAVERAGE

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
32000/32000 2000 8000 8000 250 1000

Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
– 0 0 0 0 0 no

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Router#show policy-map int s1/1
Serial1/1

Service-policy output: sPEAK

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
64000/32000 2000 8000 8000 250 2000

Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
– 0 0 0 0 0 no

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
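A small model of the two shapers that derives the Target Rate, Byte Limit, Interval and Increment columns shown above and then releases a backlog interval by interval. It is an added example, not code from the original post or from Cisco: `shaper_params` and `simulate` are hypothetical names, the model counts bytes rather than whole packets, and it assumes the token bucket starts full.

```python
def shaper_params(mode, cir_bps, bc_bits, be_bits):
    """Derive the 'show policy-map interface' shaping columns."""
    if mode not in ("average", "peak"):
        raise ValueError("mode must be 'average' or 'peak'")
    # shape average credits Bc per interval, shape peak credits Bc + Be.
    credit_bits = bc_bits + (be_bits if mode == "peak" else 0)
    return {
        "target_bps": cir_bps * credit_bits // bc_bits,  # Avg * (1 + Be/Bc)
        "byte_limit": (bc_bits + be_bits) // 8,          # bucket size
        "interval_ms": bc_bits * 1000 // cir_bps,        # Tc = Bc / CIR
        "increment_bytes": credit_bits // 8,             # tokens per Tc
    }


def simulate(mode, cir_bps, bc_bits, be_bits, offered):
    """Return bytes sent in each interval for `offered` bytes per interval."""
    p = shaper_params(mode, cir_bps, bc_bits, be_bits)
    tokens = p["byte_limit"]   # assumption: the bucket starts full
    backlog = 0
    sent = []
    for index, arriving in enumerate(offered):
        if index:              # credit tokens at each new interval
            tokens = min(p["byte_limit"], tokens + p["increment_bytes"])
        backlog += arriving    # traffic that cannot be sent waits in the queue
        out = min(backlog, tokens)
        tokens -= out
        backlog -= out
        sent.append(out)
    return sent


if __name__ == "__main__":
    saturated = [10000] * 8    # constructed load: 8 intervals of 250 ms
    for mode in ("average", "peak"):
        print(mode, shaper_params(mode, 32000, 8000, 8000))
        print(mode, simulate(mode, 32000, 8000, 8000, saturated))
```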

CB shaping can adapt dynamically to the available Frame Relay bandwidth by using the BECN bit. The command "shape adaptive min-rate" uses the BECN signal, which causes the shaping rate to be reduced to 25% of the previous rate, but not below the configured min-rate. One thing to consider here is that this command only works on Frame Relay interfaces.

 

Cheers
