In the previous article I used class-maps to classify flows and then applied marking (as close as possible to the source of the flow).

Now I want to apply some policing or shaping to my traffic on a link that is not fast enough to carry all our traffic. After all, we need QoS to control the usage of our limited resources (here, bandwidth).

Note that ideally I do shaping or policing on a router that is connected to my low-speed link (a router separate from the classifier router). In this example, however, I am doing marking and shaping on the same router.

Sometimes I need to guarantee a fixed amount of available bandwidth to a flow (one that I have classified using a class-map). Using the bandwidth command, we can ensure that in case of congestion we have reserved bandwidth for our high-priority flow (such as a voice or video flow). When there is no high-priority traffic, its reserved bandwidth can be distributed equally between other flows, but when we again have traffic for our particular flow, we reclaim the specified bandwidth for it. Also, in cases where our high-priority flow needs more bandwidth and other flows do not consume all the available bandwidth, this flow may receive some extra bandwidth.

First I need to classify data flows on the policing router. On the marker router (in our example, R2), I defined two class-maps: one to match big pings and one for the server subnet (any traffic entering f0/0 on R2). I dropped big pings, so the only traffic that comes into my policer router is the server subnet's. All other traffic falls into the class-default class-map, and I did not assign any policy to this class.

Now I need to match traffic that has ip precedence of 2 (since we marked server subnet’s traffic with ip precedence 2) and assign some bandwidth to it on policer router:

R2(config)#class-map MARKED_SERVER_SUBNET_FLOW
R2(config-cmap)#match ip precedence 2

then we guarantee some bandwidth for this flow on our low speed link (s1/0 on R2):

R2(config-cmap)#policy-map LOW_SPEED_SERIAL_LINK_POLICY
R2(config-pmap)#class MARKED_SERVER_SUBNET_FLOW
R2(config-pmap-c)#bandwidth ?
  <8-2000000>  Kilo Bits per second
  percent      % of total Bandwidth
  remaining    The remaining bandwidth

Note that we have 3 options: we can assign an absolute amount of bandwidth in kilobits per second, we can use a percentage of the total bandwidth, or we can use a percentage of the remaining bandwidth (we may have reserved some bandwidth for other flows and now we are using a fraction of what remains). This last option is not so interesting to me! I prefer absolute amounts:

R2(config-pmap-c)#bandwidth 512

For class-default I tend to use fair-queue since I assume that there may be markings that I am not aware of.

R2(config-pmap-c)#class class-default
R2(config-pmap-c)#fair-queue

Now it is time to assign the policy to the interface. Note that by default only 75% of the whole bandwidth can be reserved. This is because most of us never assign class-default a bandwidth and some protocols necessary to keep the network running (both layer 2 and layer 3) fall under class-default. Remember whatever you do not configure goes under class-default.

You can change this behavior and use all available bandwidth for your reservations with the max-reserved-bandwidth 100 command in interface configuration mode.

R2(config-pmap-c)#int s1/0
R2(config-if)#service-policy out LOW_SPEED_SERIAL_LINK_POLICY

It’s verification time! I issue a ping from R1 to R4.

R1#ping 4.4.4.4 rep 100 source lo0
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (99/100), round-trip min/avg/max = 32/68/112 ms

And check the matches on the policy-map assigned to serial link:

R2(config-if)#do show policy-map interface serial1/0
 Serial1/0
  Service-policy output: LOW_SPEED_SERIAL_LINK_POLICY
    Class-map: MARKED_SERVER_SUBNET_FLOW (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip precedence 2
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 512 kbps
    Class-map: class-default (match-any)
      134 packets, 12640 bytes
      5 minute offered rate 3000 bps, drop rate 0 bps
      Match: any
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
      (pkts output/bytes output) 134/12694
      Fair-queue: per-flow queue limit 16

Note that our pings fell under class-default. Now I add SERVER_SUBNET class-map to the marker policy to mark any incoming packet from server subnet with an ip precedence of 2. Since pings are coming from interface f0/0 they will be marked. This is done on the marker router (in our case R2).

R2(config-if)# policy-map POLICY
R2(config-pmap)#class SERVER_SUBNET
R2(config-pmap-c)#set ip precedence 2

And on the policer router (in our case R2 again!) I check the result:

R1#ping 4.4.4.4 rep 100 source lo0
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (98/100), round-trip min/avg/max = 36/67/92 ms

R2(config-pmap-c)#do show policy-map interface serial1/0
 Serial1/0
  Service-policy output: LOW_SPEED_SERIAL_LINK_POLICY
    Class-map: MARKED_SERVER_SUBNET_FLOW (match-all)
      100 packets, 10400 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip precedence 2
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 100/10400
      bandwidth 512 kbps
    Class-map: class-default (match-any)
      445 packets, 36754 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
      (pkts output/bytes output) 445/36927
      Fair-queue: per-flow queue limit 16

Now you can see 100 packets matched under the MARKED_SERVER_SUBNET_FLOW class, which matches IP precedence 2.
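The verification step above can be automated. The following is an added example, not part of the original article: it parses "show policy-map interface" output and flags any class that reserves bandwidth but has matched no packets, which is the symptom seen in the first check before marking was applied. The function names and the abridged sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: abridged output modelled on the first check in the article.
SAMPLE = """\
Serial1/0
  Service-policy output: LOW_SPEED_SERIAL_LINK_POLICY
    Class-map: MARKED_SERVER_SUBNET_FLOW (match-all)
      0 packets, 0 bytes
      Match: ip precedence 2
      (queue depth/total drops/no-buffer drops) 0/0/0
      bandwidth 512 kbps
    Class-map: class-default (match-any)
      134 packets, 12640 bytes
      Match: any
      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
      Fair-queue: per-flow queue limit 16
"""

def parse_policy_map(text):
    """Return {class_name: counters} for each Class-map section in the output."""
    classes, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Class-map: (\S+)", line):
            cur = classes.setdefault(
                m.group(1),
                {"packets": 0, "bytes": 0, "match": [],
                 "total_drops": 0, "bandwidth_kbps": None})
        elif cur is None:
            continue  # interface and service-policy header lines
        elif m := re.match(r"(\d+) packets, (\d+) bytes", line):
            cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
        elif m := re.match(r"Match: (.+)", line):
            cur["match"].append(m.group(1))
        elif m := re.match(r"\(queue depth/total drops.*\) (\d+)/(\d+)", line):
            cur["total_drops"] = int(m.group(2))
        elif m := re.match(r"bandwidth (\d+) kbps", line):
            cur["bandwidth_kbps"] = int(m.group(1))
    return classes

def unused_reservations(classes):
    """Classes with a bandwidth guarantee that no packet has matched yet."""
    return [name for name, c in classes.items()
            if c["bandwidth_kbps"] and c["packets"] == 0]

if __name__ == "__main__":
    parsed = parse_policy_map(SAMPLE)
    for name, c in parsed.items():
        print(f"{name}: {c['packets']} pkts, {c['total_drops']} drops")
    print("reserved but unmatched:", unused_reservations(parsed))
```

A reserved class with zero matches while class-default keeps counting usually means the marking upstream is missing or uses a different value than the class-map expects.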