3Com Router User Manual
48 TRAFFIC POLICING, TRAFFIC SHAPING AND LINE RATE

Traffic Classification Overview

Traffic classification means classifying packets into multiple priority levels or multiple service types according to the ToS (Type of Service) field of the IPv4 packet header. The other two values are reserved for other uses. After the packets are classified, QoS is applied to each classification separately.

The network administrator sets the packet classification rules, which define a specific flow according to the source address, source port number, protocol number, destination address and destination port number. Packet classification rules can also classify based on the MAC address. Specific classification examples are as follows:

■ All the packets received from the specified interface are set to the highest priority.
■ All FTP traffic is classified at a low priority.
■ Video traffic sent from specific IP addresses is classified at a medium priority level.
■ Traffic to specific destination addresses is classified at a high priority level.

Traffic Policing Overview

An Internet service provider (ISP) must control the traffic and load sent by users in the network. For an enterprise network, controlling the traffic of some applications is an effective method for controlling the network conditions. The typical function of traffic policing is to limit traffic that enters the network to an allowable range by supervising its specification. If the packet traffic of a certain connection is too large, the packet is dropped or the priority level of the packet is specified. For example, HTTP packets may be limited to less than 50% of the network bandwidth to save network resources and protect the interests of operators.

The committed access rate (CAR) is a technology that polices the network traffic that enters an ISP, including the flow classification service of the policed traffic.
CAR classifies the packets by using the ToS field of the IPv4 header, and takes actions for different classes of traffic. Such actions may be:

■ Forwarding directly — CAR continues to forward the packets that conform to the traffic specifications.
■ Dropping directly — CAR drops the packets that do not conform to the traffic specifications.
■ Forwarding after modifying the packet priority level — Packets evaluated as partially conforming are forwarded after they are marked as lower priority level flows.
■ Entering the next level of policing — Traffic policing may be stacked level by level, and each level concerns and polices more specific targets.

A downstream network can accept the evaluation result from an upstream network, or it can classify according to its own standard.

Traffic policing uses the Token Bucket algorithm, and each service has tokens which are transmitted at a specified rate. If user packets arrive faster than the tokens are transmitted, measures must be taken for the data exceeding the specified rate. For example, the packets are marked and allowed to pass through the network only when the network is not congested, and they are dropped first when the network is congested. These data packets can also be dropped directly, which depends entirely on the agreement and rules between the operators and users.

Token bucket feature

The token bucket may be regarded as a container that stores tokens. The system puts tokens into the bucket at the set speed. When the bucket is full of tokens, the excess tokens overflow, and the number of tokens in the bucket does not increase.

Figure 210 Schematic diagram of packet line classification and traffic policing

Measuring the traffic by the token bucket

Evaluating the traffic specification by the token bucket is based on whether the number of tokens in the token bucket is enough for packet forwarding. If the bucket has sufficient tokens to forward packets, the traffic does not exceed the specification; otherwise, it exceeds the specification. Usually, one token is associated with one bit of forwarding authority.
Three main parameters are used in the evaluation of the traffic:

■ Time Interval: Evaluates the traffic in every other period. This parameter is set by the system. For every evaluation, if the bucket has sufficient tokens to be used by one or more packets, it is considered “in conformance”. If the bucket does not have sufficient tokens, it is considered “out of conformance”. “Conformance” indicates that the traffic does not exceed the limit; at this time, the number of tokens that correspond to the conformance limit can be used. “Nonconformance” indicates that the number of tokens being used is beyond the specification.
■ Burst size: Indicates the capacity of the token bucket. It is usually set to the committed burst size (CBS), which is the allowable maximum traffic size in every evaluation time interval. The burst size must be set to a size larger than the maximum length of the packet.
■ Average rate: Specifies the rate at which tokens are put into the bucket. It is usually set to the committed information rate (CIR) or the allowable average speed of the flows.

Complex evaluation

If there is only one token bucket, the evaluation result is limited to “conformance” and “nonconformance”. To evaluate more complex situations and implement more flexible adjusting and controlling rules, two token buckets can be set. For example, the committed access rate (CAR) has three parameters:

■ Committed Information Rate (CIR): The long period average rate, at which the service quality of the transmitted data can be completely guaranteed.
■ Committed Burst Size (CBS): The burst data traffic size before the amount of some traffic exceeds the line rate. At this rate, the service quality of the data can be guaranteed.
■ Excess Burst Size (EBS): The burst data traffic size before the amount of all traffic exceeds the line rate. At this rate, the service quality of the data cannot be guaranteed.

With two token buckets, the rate at which tokens are put in is the same for both, that is, CIR, while the bucket sizes differ: CBS and EBS respectively (CBS
■ Destination IP address
■ Destination MAC address
■ Application port
■ IP protocol type
■ Other standards that may be identified through the access list and extended access list.

The packets can also be classified based on the external conditions of the network. For example, packets may be classified by client type.

After the packet is classified, the user can apply the ACL or CARL on a specified interface and set the corresponding actions for the interface, such as rate limiting (to specify CIR, CBS, EBS), discard, resetting priority and direct forwarding.

CAR adopts the following two types of rules:

■ IP access control list (standard access control list or extended access control list)
■ CAR rule list (CARL; when defining a CARL, you can perform traffic classification according to IP priority and MAC address).

The CAR rules can be independent of each other. That is, each CAR rule reacts to a certain type of packet separately. A cascade of CAR rules can also be used, in which a packet is matched with successive CAR rules. Multiple CAR rules can be used on an interface. The router attempts to match the CAR rules in configured order until it matches one successfully. If no matched rules are found, rate limiting is not implemented.

CAR Configuration

CAR configuration includes:

■ Defining Rules
■ Applying the CAR Policy on the Interface
■ Displaying and Debugging CAR

Defining Rules

On the network border, it is necessary to classify the packets. The classification standards can set varied priorities for the varied classifications of either all the packets received from a specified interface or a group of packets defined by the rule command. Inside a network, the modified priority can be used as the classification standard. At the same time, for the packets of each category, different processing can be defined for those exceeding and those not exceeding the traffic limit in a unit time.
Please perform the following configurations in the system view.

Table 711 Define CAR Rules

Operation: Define the CAR rule
Command:   qos carl carl-index { precedence precedence-value | mac mac-address }

Operation: Delete the CAR rule
Command:   undo qos carl carl-index
By default, no CAR rule or ACL list is established.

For the same carl-index, only one CAR rule can be defined. A later defined CAR rule overwrites the earlier CAR rule. However, multiple CAR rules with different carl-index values may be defined.

Before the CAR rule is configured, fast forwarding must be disabled.

Applying the CAR Policy on the Interface

The CAR policy can take effect on the incoming and outgoing directions of the interface. For the packets conforming to CAR rules or ACL rules, the CAR policy can limit their rates.

Perform the following configurations in the interface view.

Table 712 Apply the CAR Rule on the Interface

Operation: Enter the acl view
Command:   acl acl-number [ match-order config | auto ]

Operation: Configure the extended access control list
Command:   rule { normal | special } { permit | deny } pro-number [ source source-addr source-wildcard | any ] [ destination dest-addr dest-wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type icmp-type icmp-code ] [ logging ]

Operation: Apply the CAR policy or ACL rule on the interface
Command:   qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir committed-rate cbs burst-size ebs excess-burst-size conform action exceed action

Operation: Delete the CAR policy or ACL rule applied to the interface
Command:   undo qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir committed-rate cbs burst-size ebs excess-burst-size conform action exceed action

By default, no CAR policy or ACL is applied to any interface.

On one interface (inbound or outbound direction), multiple CAR policies can be applied. However, on each interface (both inbound and outbound directions), a total of up to 100 CAR policies can be applied.

You must disable fast forwarding before applying the CAR policies.
Displaying and Debugging CAR

Table 713 Display and Debug CAR

Operation: Display one or all carl
Command:   display qos carl [ carl-index ]

Operation: Display the parameter configuration and operation statistic information of CAR on various interfaces
Command:   display qos car [ interface type number ]

CAR Configuration Examples

Applying a CAR Policy to all Packets

■ The CAR policy is applied to all the packets that are input to router A Ethernet0, directly forwarding the packets that meet the conditions and dropping the packets that do not meet the conditions.
■ The CAR policy is applied to all the packets that are output from router A Ethernet1, directly forwarding the packets that meet the conditions and dropping the packets that do not meet the conditions.

Figure 211 Networking diagram of configuring the CAR policy to be applied to all packets
(diagram labels: Router A, Router B, Router C; E0 190.0.0.2, E0 190.0.0.1, E1 191.0.0.1, E0 191.0.0.2)

1 Configure Router A:

CAR policy is applied to all the packets that are input to router A Ethernet 0

[RouterA-Ethernet0] ip address 190.0.0.1 255.255.255.0
[RouterA-Ethernet0] qos car inbound any cir 8000 cbs 15000 ebs 8000 conform pass exceed discard

CAR policy is applied to all the packets that are output from router A Ethernet 1

[RouterA-Ethernet1] ip address 191.0.0.1 255.255.255.0
[RouterA-Ethernet1] qos car outbound any cir 8000 cbs 15000 ebs 8000 conform pass exceed discard

Configure the Priority Level Based CAR Policy

■ The packet that is input to router A serial interface 0 is matched with the priority level based CAR policy, directly forwarding the packet that meets the conditions and dropping the packet that does not meet the conditions.
■ The packet that is output from router A serial interface 1 is matched with the priority level based CAR policy, directly forwarding the packet that meets the conditions and dropping the packet that does not meet the conditions.
Figure 212 Networking diagram of configuring the priority level based CAR policy
(diagram labels: Router A, Router B, Router C; S0 10.0.0.2, S0 10.0.0.1, S0 11.0.0.2, S1 11.0.0.1)

1 Configure Router A:

The CAR policy is applied to the packet input to router A serial interface 0 and matching priority level 1.

[RouterA] qos carl 1 precedence 1
[RouterA] acl 1
[RouterA-acl-1] rule permit source 10.0.0.0 0.0.0.255
[RouterA-acl-1] interface serial 0
[RouterA-Serial0] ip address 10.0.0.1 255.255.255.0
[RouterA-Serial0] qos car inbound acl 1 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard

The CAR policy is applied to the packet output from Router A serial interface 1 and matching priority level 2.

[RouterA] qos carl 2 precedence 2
[RouterA] acl 2
[RouterA-acl-2] rule permit source 10.0.0.0 0.0.0.255
[RouterA-acl-2] interface serial 1
[RouterA-Serial1] ip address 11.0.0.1 255.255.255.0
[RouterA-Serial1] qos car outbound acl 2 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard

Configure the CAR Policy Based on the MAC Address

The packet input to router A serial interface 0 (the source address of the packet is 00e0.34b0.7676) is matched with the CAR policy based on MAC address. A packet that meets the conditions has its priority level value changed to 7 and continues to be sent; a packet that does not is dropped.

Figure 213 Networking diagram of configuring CAR policy based on the MAC address
(diagram labels: Router A, Router B, Router C; S0 10.0.0.2, S0 10.0.0.1, S0 11.0.0.2, S1 11.0.0.1)

1 Configure Router A:

The packet that is input to router A serial interface 0 is matched with the CAR policy based on MAC address.

[RouterA] qos carl 1 mac 00-e0-34-b0-76-76
[RouterA] acl 1
[RouterA-acl-1] rule permit source 10.0.0.0 0.0.0.255
[RouterA-acl-1] interface serial 0
[RouterA-Serial0] ip address 10.0.0.1 255.255.255.0
[RouterA-Serial0] qos car inbound acl 1 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard
Apply a CAR Policy on the Packets that Match ACL

■ The CAR policy is applied to the packet that is input to router A serial interface 0 and that matches the specific ACL rule, directly forwarding the packet that meets the conditions and dropping the packet that does not meet the conditions.
■ The CAR policy is applied to the packet that is output from router A serial interface 0 and that matches the specific ACL rule, directly forwarding the packet that meets the conditions and dropping the packet that does not meet the conditions.

Figure 214 Configure the CAR rule to be applied to the packet that matches the ACL policy
(diagram labels: Router A, Router B, Router C; S0 10.0.0.2, S0 10.0.0.1, S0 11.0.0.2, S1 11.0.0.1)

1 Configure Router A:

The CAR policy is applied to the packet input to router A serial interface 0 and matching the ACL.

[RouterA] acl 1
[RouterA-acl-1] rule permit source 10.0.0.2 0.0.0.0
[RouterA-acl-1] interface serial 0
[RouterA-Serial0] ip address 10.0.0.1 255.255.255.0
[RouterA-Serial0] qos car inbound acl 1 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard

The CAR policy is applied to the packet that is output from router A serial interface 1 and matches the ACL.

[RouterA] acl 1
[RouterA-acl-1] rule permit source 11.0.0.1 0.0.0.0
[RouterA-acl-1] rule permit source 11.0.0.2 0.0.0.0
[RouterA-acl-1] interface serial 1
[RouterA-Serial1] ip address 11.0.0.1 255.255.255.0
[RouterA-Serial1] qos car outbound acl 1 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard

Traffic Shaping

Generic Traffic Shaping (GTS) restricts packets that are sent from an interface to a relatively uniform speed by limiting the traffic and burst of a certain connection from a network. This is usually carried out with a buffer and a token bucket that is used to control the transmission speed. Buffering the packets that exceed a specified traffic and sending them after a specified time evens out the speed of the packets. The processing of the packet by GTS is shown in Figure 215.
Figure 215 Schematic diagram of GTS processing

If an interface does not use the rule defined by rule to classify the packet, the interface has only one queue. If GTS uses the rule defined by rule to classify the packet, it maintains a separate queue for every type of flow. On every interface, GTS can select either of the following two methods:

■ Processing all the flows of the interface: If the sending queue of this interface is empty and the traffic of the packets in unit time does not exceed the limitation, the packet is sent immediately; otherwise, the packet enters the sending buffered queue of the interface.
■ Processing different flows of the interface: Different flows are compared with acl-number. When a flow matches the rule, the interface sending queue is empty, and the traffic of the packets in unit time does not exceed the limitation, the packet is sent immediately; otherwise, the packet enters the sending buffered queue of the interface.

To reduce unnecessary packet loss, GTS processing is performed on the packets at the upstream router egress, and the packets that exceed the GTS traffic characteristics are buffered in the interface buffer. When the network congestion is removed, GTS again takes the packets out of the buffer queue and continues to send them. Thus, the packets sent to the downstream router all conform to the traffic specification of that router, which reduces packet drops in the downstream router. If GTS processing is not performed at the upstream router egress, all the packets that exceed the CAR specified traffic of the downstream router are dropped by the downstream router.

Configuring GTS

Traffic shaping configuration includes:

■ Configuring shaping parameters for a specified flow
■ Configuring shaping parameters for all flows

Configuring shaping parameters for a specified flow

Shaping a special kind of flow means shaping only the flows that match the rules.
Please perform the following settings in the interface view.
Table 714 Configure Shaping Parameters for a Specified Flow

Operation: Configure the shaping parameters for a specified flow
Command:   qos gts acl acl-index cir committed-rate [ cbs burst-size [ ebs excess-burst-size [ queue-length queue-length ] ] ]

Operation: Cancel shaping parameters for a specified flow
Command:   undo qos gts acl acl-index

By default, traffic shaping is not performed on the interface.

This command may be used repeatedly to set different shaping parameters for different flows.

This command cannot be used together with the qos gts any command on the same interface.

Configuring shaping parameters for all flows

Shaping all the flows means shaping all the flows passing this interface.

Please perform the following settings in the interface view.

Table 715 Configure Shaping Parameters for all Flows

Operation: Configure shaping parameters for all flows
Command:   qos gts any cir committed-rate [ cbs burst-size [ ebs excess-burst-size [ queue-length queue-length ] ] ]

Operation: Cancel the shaping parameters of the flow
Command:   undo qos gts any

By default, traffic shaping is not performed on the interface.

This command cannot be used along with the qos gts acl command on the same interface.

You must disable fast forwarding before configuring all the traffic shaping parameters.

Displaying and Debugging Traffic Shaping

Table 716 Display and Debug Traffic Shaping

Operation: Display the GTS configuration conditions and statistic information of the interface
Command:   display qos gts [ interface type number ]

GTS Configuration Example

1 Configure the ACL.

[Router] acl 110
[Router-acl-110] rule permit udp source any destination any

Shape the flows matching 110 on Ethernet interface 0.

[Router-acl-110] interface ethernet0
[Router-Ethernet0] qos gts acl 110 cir 2000000 cbs 120000 ebs 120000
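
The following simulation is an added example, not part of the 3Com manual or the router's implementation. It models the single token bucket described under "Token bucket feature" as a CAR policer (conform pass, exceed discard) and as a GTS shaper, so the effect of upstream shaping on a downstream policer can be measured. Assumptions: cir is in bits per second and cbs in bits (one token per bit), the bucket starts full, a full shaping queue discards new arrivals, EBS is not modelled, and all function names are illustrative.

```python
from collections import deque
from fractions import Fraction  # exact arithmetic, so conformance never hinges on rounding


class TokenBucket:
    """Tokens arrive at `rate` per second; tokens beyond `capacity` overflow. 1 token = 1 bit."""
    def __init__(self, rate, capacity):
        self.rate, self.capacity = Fraction(rate), Fraction(capacity)
        self.tokens, self.last = self.capacity, Fraction(0)  # assumption: bucket starts full

    def refill(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def take(self, bits, now):
        """Spend `bits` tokens if the bucket holds them (in conformance), else spend none."""
        self.refill(now)
        if bits > self.tokens:
            return False
        self.tokens -= bits
        return True


def police(arrivals, cir, cbs):
    """CAR with 'conform pass exceed discard'. arrivals: time-sorted (time_s, bits) pairs."""
    bucket, passed, dropped = TokenBucket(cir, cbs), [], []
    for t, bits in arrivals:
        t = Fraction(t)
        (passed if bucket.take(bits, t) else dropped).append((t, bits))
    return passed, dropped


def shape(arrivals, cir, cbs, queue_length):
    """GTS: packets lacking tokens wait in a FIFO queue and leave once tokens suffice.
    Assumption: arrivals at a full queue, or packets larger than cbs, are discarded."""
    bucket, queue, sent, dropped = TokenBucket(cir, cbs), deque(), [], []

    def drain(until):
        # Send queued packets whose tokens become available by `until` (None = no limit).
        while queue:
            ready = bucket.last + max(Fraction(0), queue[0] - bucket.tokens) / bucket.rate
            if until is not None and ready > until:
                return
            bucket.take(queue[0], ready)
            sent.append((ready, queue.popleft()))

    for t, bits in arrivals:
        t = Fraction(t)
        drain(t)
        if bits > bucket.capacity:
            dropped.append((t, bits))  # burst size below packet length: can never conform
        elif not queue and bucket.take(bits, t):
            sent.append((t, bits))
        elif len(queue) < queue_length:
            queue.append(bits)
        else:
            dropped.append((t, bits))
    drain(None)
    return sent, dropped


# Constructed trace: ten 4000-bit packets, 0.1 s apart (40 kbit/s offered for one second).
BURST = [(Fraction(i, 10), 4000) for i in range(10)]
CIR, CBS = 8000, 15000  # cir/cbs values from the page's qos car examples; units assumed
```

With these values, police(BURST, CIR, CBS) discards five of the ten packets, while the output of shape(BURST, CIR, CBS, 10) passes a downstream policer with the same cir and cbs without loss, the last packet leaving at 3.125 s. A packet larger than cbs is discarded by both functions, which is why the burst size must exceed the maximum packet length.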