QOS 之shaping and policing

shaping and policing 針對網絡擁塞所做的政策做到限速，工作的Q之前

shaping 是對超出的速率的包進行緩存，等速率降下來在發出去

隻能應用在出方向，能減少TCP的重傳不能making

policing是對超出的速率的包drop或者making，在出入方向都可以。

了解令牌桶的原理（token bucket）：

<a href="http://blog.51cto.com/attachment/201104/160811777.png" target="_blank"></a>

BC=8000bite 速率限制在64kbs 我們求下TC=8/128=0.0625S  

一半的時間就把令牌桶沾滿了，下個0.625s就沒有令牌了，如果是shaping緩存，policing直接drop，從1s時間來看就有半秒時間空閑，達到限速目的。

兩個令牌桶BC=BE的情況下

<a href="http://blog.51cto.com/attachment/201104/162218152.png" target="_blank"></a>

在125毫秒的時間把BC BE都占滿了，到下一個65.5毫秒又把BC占滿了BE還沒有空閑就drop掉剩下的流量

CIR （committed information rate）承諾資訊速率   bps 

Tc （ time committed）承諾時間  125毫秒   1/8秒

Bc  （brust committed）承諾的突發量   bite

Be （burst excess ） 超出的突發量

CIR=BC/Tc   在配置的時候我們隻關心CIR就行了

shaping：GTS（generic traffic shaping）

                   frame relay traffic shaping

                   class-based shaping

policing   ：committed  access rate   （CAR）

                  class-dased policing 

GTS:可以用在任何接口

Router(config)#int s1/0

Router(config-if)#tra

Router(config-if)#traffi

Router(config-if)#traffic-shape ?

  group  configure token bucket: group &lt;access-list&gt; CIR (bps) [Bc (bits) [Be

         (bits)]] 

  rate   configure token bucket: CIR (bps) [Bc (bits) [Be (bits)]]

Router(config-if)#traffic-shape ra

Router(config-if)#traffic-shape rate ?

  &lt;8000-100000000&gt;  Target Bit Rate (bits per second)

Router(config-if)#traffic-shape rate 64000 ?

  &lt;0-100000000&gt;  bits per interval, sustained

  &lt;cr&gt;

Router(config-if)#traffic-shape rate 64000 8000 ?

  &lt;0-100000000&gt;  bits per interval, excess in first interval

Router(config-if)#traffic-shape rate 64000 8000 8000 1000

Router#show traffic-shape

Interface   Se1/0

       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt

VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active

-             64000     2000   8000      8000      125       1000      -  

              CIR   (BC+BE)/8   BC       BE        TC         BC(8000bite/8劃算成bytes)

還可以針對特定ACL來限速，但traffic-rate和traffic rate group不能同時運用在一個接口上

Router(config)#access-list 110 permit ip host 202.1.100.100 host 191.1.1.1

Router(config-if)#traffic-shape group 110 128000 8000 8000 1000

CBSHAPING就是結合MQC來做加上條指令而已

R1(config)#policy-map cbshap

R1(config-pmap)#cl

R1(config-pmap)#class TEL

R1(config-pmap-c)#sha

R1(config-pmap-c)#shape ?

  adaptive        Enable Traffic Shaping adaptation to BECN

  average         configure token bucket: CIR (bps) [Bc (bits) [Be (bits)]],

                  send out Bc only per interval

  fecn-adapt      Enable Traffic Shaping reflection of FECN as BECN

  fr-voice-adapt  Enable rate adjustment depending on voice presence

  max-buffers     Set Maximum Buffer Limit

  peak            configure token bucket: CIR (bps) [Bc (bits) [Be (bits)]],

                  send out Bc+Be per interval

R1(config-pmap-c)#shape av

R1(config-pmap-c)#shape average ?

  &lt;8000-154400000&gt;  Target Bit Rate (bits per second), the value needs to be

                    multiple of 8000

  percent           % of interface bandwidth for Committed information rate

R1(config-pmap-c)#shape average 64000

R1(config-pmap-c)#shape max-buffers 200

CAR:

R1(config-if)#rate-limit output ?

  &lt;8000-2000000000&gt;  Bits per second

  access-group       Match access list

  dscp               Match dscp value

  qos-group          Match qos-group ID

R1(config-if)#rate-limit output 256000 ?

  &lt;1000-512000000&gt;  Normal burst bytes

R1(config-if)#rate-limit output 256000 2000 2000 ?

  conform-action  action when rate not exceeded

R1(config-if)#rate-limit output 256000 2000 2000 con

R1(config-if)#rate-limit output 256000 2000 2000 conform-action ?

  continue                          scan other rate limits

  drop                              drop packet

  set-dscp-continue                 set dscp, scan other rate limits

  set-dscp-transmit                 set dscp and send it

  set-mpls-exp-imposition-continue  set exp during imposition, scan other rate

                                    limits

  set-mpls-exp-imposition-transmit  set exp during imposition and send it

  set-prec-continue                 rewrite packet precedence, scan other rate

  set-prec-transmit                 rewrite packet precedence and send it

  set-qos-continue                  set qos-group, scan other rate limits

  set-qos-transmit                  set qos-group and send it

  transmit                          transmit packet

shaping以bite為機關  policing以bity為機關

R1#show run int s1/0

Building configuration...

Current configuration : 207 bytes

!

interface Serial1/0

 no ip address

 rate-limit output 256000 2000 2000 conform-action transmit exceed-action drop

                            CIR    BC   BE

擴充：

access-list 101 permit tcp any any eq www

rate-limit output access-group 120 64000 5000 5000 conform-action transmit exceed-action drop

 rate-limit output 128000 2000 2000 conform-action continue exceed-action drop大範圍

continue指令是如果第一條比對還可以往下查

class-dased policing

拿到第一個桶令牌的是conforms

拿到第二個桶令牌的是exceed

拿不到的violate

policy-map liang

 class TEL

  police cir 64000

    conform-action transmit 

    exceed-action transmit 

    violate-action drop

 本文轉自q狼的誘惑 51CTO部落格，原文連結：http://blog.51cto.com/liangrui/552058，如需轉載請自行聯系原作者