[c-nsp] shaping outbound

Anton Kapela tkapela at gmail.com
Sun Dec 25 15:46:15 EST 2011 

Dan,

On Sat, Dec 24, 2011 at 2:49 PM, Dan Letkeman <danletkeman at gmail.com> wrote:

> I'm confused as to when and where it is possible to shape traffic.  I
> have a 50Mbps internet connection from our ISP and I would like to
> shape some of the download traffic using our 2821.  Here is what I
> have setup:
>
> lan users ----- g0/0 - 2821 - g0/1 ------internet
>
> Currently I have no way of limiting someone from using up the entire
> pipe.  My thought was to add a policy-map in the outbound direction on

[..]

> Any idea on how to go about this?  Or Am I stuck with buying a
> ridiculously expensive packet shaper or something of the sorts?

You can, in fact, shape, queue, and control bits arriving at your
doorstep if you're willing to give up a bit of the internet pipes'
peak downstream bitrate. In general, if you were to, say, queue
packets towards your users (lan side), at less than the configured ISP
rate, you'd effectively congest within the router (which you control).
This could be useful.

A rule of thumb I've kept in mind is to shape at ~80% of the overal
CIR from your isp. Then, apply queueing to taste. A fairly useful &
straight-forward approach might look like the following:

policy-map qos-down
 class class-default
    fair-queue
    queue-limit 2048 packets

policy-map shape-down
 class class-default
    shape average 40000000 160000
  service-policy qos-down

Then, apply to lan facing port:

interface GigabitEthernet0/0
service-policy output shape-down

Same for upstream, though, you can typically get away shaping within
95% of the configured CIR bitrate. Say you had 5 mbits/sec upstream.
You'd then want something like:

policy-map qos-up
 class class-default
    fair-queue
    queue-limit 512 packets

policy-map shape-up
 class class-default
    shape average 4750000 19000
  service-policy qos-down

..then applied in the output direction of Gi 0/1, per your config setup.

Fair-queue alone will ensure per-flow fairness is provided by the
router in the Tx direction for any packets buffered in the shaped
class-default. This could be 'bad' if you're concerned that or faced
with many-flow apps (torrents, etc) out-competing single- or few-flow
apps (shoutcast, iptv, netflix, etc). If that's the case, then
adjustment and specific queueing must be created to single-out the
jerks and/or reserve bits for known-friendly-er apps. If you're not
seeing/concerned with flow-rich vs. flow-poor apps getting a fair
shake, and are considering a more docile/typical app mix (few big
downloads, app updates, imap/exchange email, vpns, net radio, etc),
then fair-queue alone will probably be sufficient.

-Tk

More information about the cisco-nsp mailing list