Traffic Shaping on Cisco IOS

(Rene Molenaar) #1

This topic is to discuss the following lesson:

(Frades) #2

This is what I'm waiting for! Thanks! Will read this!

(Vicchester N) #3

Been waiting for this! Thank you…

(Edwin P) #4

Thanks Rene!

This is exactly what I needed to better understand this.
Also nice to know that newer IOS versions adopt the Tc value as 4ms now, instead of 125ms before.
That makes it good for all in regards to voice and video or latency sensitive traffic!

(Rene Molenaar) #5

Hi Edwin,

That’s good to hear! I agree that 125 ms was a bit too much. Decreasing the Tc could increase the CPU load, I haven’t really tested this but it might be something to keep in mind…next time I’m messing around with shaping I’ll see what the impact is.


(charles w) #6

I work with Carrier Ethernet circuits that have policed Committed Burst Size variables. If I understand this correctly, I should be able to shape the traffic using shape average (CIR) (CBSx8) (EBS) x 8. According to MEF, a good rule of thumb for CBS is 8x MTU. We typically have an EBS of 0. Would it be appropriate to divide the CBS by two and use that value for CBS and EBS, or is another strategy better?

(Rene Molenaar) #7

Hi Charles,

If they use a policer and don’t allow bursting then you can use shape average with the CIR equal to the police rate.

Older IOS versions used a Tc of 125 ms which means you’ll have 1000 ms / 125 ms = 8 bursts, newer IOS versions use a default Tc of 4 ms so you’ll have 1000 ms / 4 ms = 250 short bursts.

As long as you don’t have any delay sensitive traffic then it doesn’t matter much what Tc you use. You just want to make sure that your shaper doesn’t permit more traffic than the policer allows to prevent unnecessary drops.


(Mohammad Hasanuz Zaman) #8

Hi Rene,

I am getting a problem in my own network. My gateway router is connected to Level3 Communications and we have taken BW 300M. But when the BW utilization is around 251M or above, we get high latency (463ms, versus 1ms at normal times) and 8% packet loss on the P2P link (our GW router to Level3 router link). What is the possible cause of this?

Our_GW_Router <--------------->Level3_Router (High Latency when the BW is above 251M)
P2P Link(300M BW)

Level3 replied that there is no issue at their end and also told us “Beside the hard limited transport capacity, there is no configured rate limit on our router.”

Please help me to sort out the issue dear :). Many Thanks


(Rene Molenaar) #9

Hi Zaman,

The first thing I would check is if your own router is not the issue. Do you see any CPU spikes perhaps? Maybe it has trouble forwarding traffic at a certain traffic rate.


(AZM U) #10

Hello Rene,
I have a quick question. Let’s say I have a router connected to the internet through a gigabit interface, but my internet circuit is 100 Mbps. Therefore, I will need to shape my traffic to 100 Mbps so the ISP does not drop my excess traffic. At the same time, I would like to prioritize some of my traffic over other traffic before I send it to the ISP. Let’s say I would like to allocate 50% of the bandwidth to voice traffic, 20% to HTTPS traffic, 5% to telnet traffic and the rest of the bandwidth to other traffic.

        -------G0/1 (LAN)---- **ROUTER**---G0/0 (WAN)-------------------------------------------ISP

Would you please show me how the configuration would be for this case? Thank you so much in advance.

Best Regards,

(Lazaros Agapides) #11

Hello Azm

I believe that it would be a good exercise to attempt to configure such a situation in a simulator (GNS3 or VIRL).

Just a note, if Gi0/0 is connected to the ISP with 100Mbps bandwidth, then the easiest way to limit that interface to 100Mbps is to enter the command speed 100 on the interface. However, because this lesson has to do with configuring traffic shaping, we’ll assume that this cannot be done. Let’s say the bandwidth to the ISP is 200 Mbps, so we don’t have this option of an “easy” solution.

Here are some hints to get you started in attempting to configure what you described in your post:

  1. Using the information that Rene has provided in this exercise, you can first limit the total average bits per interval, sustained.
  2. Secondly, you can differentiate between traffic (https, telnet and others) using port numbers by creating additional access lists that refer to these specific ports.
  3. Thirdly, for voice traffic and the like, you can implement QoS mechanisms including the use of “priority percent” to aid you.

Have a go and let us know your results. We can continue the conversation as you go…

I hope this has been helpful!


(AZM U) #12

Hello Laz,
One quick question. So I can set the bandwidth under the GIG interface to 100 Mb to shrink the traffic flow or I can create a class-map as below.

class-map SHAPING
 match any
Policy-map SHAPING_100Mb
 class SHAPING
   shape average percent 10

inter gigabitEthernet 1/0
 service-policy output SHAPING_100Mb

What is the functional difference between these two configurations?

Another thing. What is the difference between changing the bandwidth vs speed under an interface?

Thank you so much.

(Lazaros Agapides) #13

Hello Azm.

The configuration you have posted using the class-map shapes the traffic such that the average will be shaped to a maximum of 100 Mbps. Keep in mind that average means that sometimes your actual speed may be more than 100 and sometimes it may be less, but the average will be 100. If you want to make the traffic have an absolute peak of 100 Mbps, then use the peak keyword instead of average.

If you go into the interface and configure speed 100 then you are telling the interface to function at the 100BaseT standard and not 1000BaseT. You are essentially hard wiring the port to FastEthernet rather than GigabitEthernet. The default setting is auto which will allow a port to negotiate the highest mutually available standard between itself and the device on the other end.

The bandwidth setting on an interface doesn’t actually change the capabilities of the interface. I repeat, it will in NO WAY affect data rates over the interface. The bandwidth setting is used by routing protocols such as EIGRP or OSPF to determine cost and thus determine the best path to specific destinations. So essentially, by tweaking the bandwidth parameter on an interface, you can make some paths more attractive and others less attractive to a routing protocol to achieve the routing paths that you desire.

I hope this has been helpful!


(AZM U) #14

Hello Laz,
It’s always exciting talking to you about technologies. Even though you said twice bandwidth has no effect on data transfer, I have always known that bandwidth determines the capability of a transport medium. I was even googling the definition of bandwidth and everywhere it says bandwidth refers to the capability of a medium. Please shed some light on it. Thank you so much.

Best Regards,
Azm Uddin

(Lazaros Agapides) #15

Hello Azm!

I’m glad you’re enjoying the forum! It’s a lot of fun for me too to discuss these things with you!!

You are correct when you say that the term “bandwidth” refers to the data transfer rate in any situation. That is the definition of the word itself. However, the COMMAND bandwidth used on an interface on Cisco routers will not change the throughput, speed or data transfer rate on that interface in any way. It is just an informational parameter that is placed on the interface to tweak routing protocols as I mentioned. The actual bandwidth is not changed.

You can try it out by changing the bandwidth parameter on an interface to something extremely low like bandwidth 1 where you are stating the bandwidth to be 1 Kbps. You will still be able to transfer data at much higher speeds.

I hope this has been helpful!


(AZM U) #16

Hello Laz,
A few more questions.

  1. Speed can only be set to 10/100/1000 by using the speed command under the interface. Therefore, if I have a situation where my circuit is 4 Mbps, the speed command cannot be used to set the speed to 4 Mbps and a policy-map will be required to perform traffic shaping. At the same time, QoS also needs to be configured to prioritize some traffic. A sample configuration is below. Please let me know if it is a valid config.

    class-map SHAPING
     match any
    class-map VOICE
     match protocol rtp audio
    class-map HTTPS
     match protocol secure-http

    Policy-map SHAPING_4Mb
     class SHAPING
       shape peak 4194304
     class VOICE
       priority percent 50
     class HTTPS
       bandwidth percent 25
     class class-default

    inter gigabitEthernet 1/0
     service-policy output SHAPING_4Mb

  2. Would you please use a scenario to explain peak shaping and average shaping?

Thank you so much.

Best Regards,
Azm Uddin

(Lazaros Agapides) #17

Hello AZM

**Question 1)**

Yes, that is absolutely correct. The fact that the requirement was 100 Mbps was a convenient coincidence. For most cases, a policy-map is needed.

As for your configuration, it looks good. Concerning voice traffic, you’ve included RTP traffic which is great. This will prioritise all the packets that actually carry the voice. You might want to create an additional class map for the call control traffic. You can add the following commands to the class-map VOICE:

match protocol sip
match protocol h323
match protocol skinny

This covers all control traffic using SIP, H323 or SCCP.

**Question 2)**
Peak shaping is when you are stating the absolute maximum that you allow in the policy. So if you have a statement that says shape peak percent 80 for example on a 100Mbps interface, then you will never have more than 80Mbps traversing that interface, EVER.

Average shaping is when you are stating that you want the average throughput to conform to the policy. So, if you have a statement that says shape average percent 80 then the average over time will remain at 80Mbps. This means that you may be at 90Mbps for 30 seconds and at 70Mbps for the next 30 seconds. If you’re over the 80Mbps threshold for a long period of time, it will cut back the throughput to something lower than 80 Mbps for a period of time to have the average over time remain at 80Mbps.

I hope this has been helpful!


(AZM U) #18

Hello Laz,
One quick question. Let’s say I have a gig interface connected to the ISP, but my link is a 50 Mbps link and because of the ISP’s requirement I have to use a sub-interface for VLAN tagging. Let’s say the sub-interface is gig0/0.50. If I want to configure any congestion avoidance outbound towards the ISP, do I have to configure it under the gig0/0 interface or do I have to configure it under the gig0/0.50 interface, and why? One more question. What is the difference between call signaling and voice bearing? Thank you so much.

Best Regards,

(Lazaros Agapides) #19

Hello Azm

This is an excellent question! For the specific scenario you are referring to, if you apply shaping and queueing to the gig0/0 interface as usual, then the shaping will be applied to all traffic going through that interface as a whole without regard to the individual subinterfaces. For your scenario, that is fine because (I assume) you only have one subinterface, so whatever you apply to the physical interface will be sufficient.

You can also apply the shaping to the subinterface directly, if the only internet traffic you have from the ISP goes through that subinterface. The result will be the same.

As a side note, when applying shaping AND an additional service policy that applies a queueing method, you cannot apply it in one single policy. You must use what is called a Hierarchical policy. It is essentially a nested policy. You can find out more about that here.

As for call signalling and voice bearing, I believe you are referring to the structure of an ISDN circuit. ISDN was developed for voice traffic and comes in several types:

ISDN Basic Rate Interface (BRI) - two bearer channels and one signalling channel
ISDN Primary Rate Interface (PRI) (T1 in the USA, Canada and Japan) - 23 bearer channels and one signalling channel
ISDN PRI (E1 in the rest of the world) - 30 bearer channels and two signalling channels

A bearer channel (also referred to as a DS-0) is a channel that “bears” or carries voice traffic (or content in case of video or other data). It does not carry signalling.

A signalling channel is the channel that carries all the signalling necessary for call control, that is, to set up and tear down telephone calls. This includes DTMF, caller ID, busy/ringback tones, on and off hook, etc.

I hope this has been helpful!
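
The hierarchical (nested) policy mentioned in the post above, sketched for the 4 Mbps scenario from post #16. This is an added example, not configuration posted by any participant: the policy-map names QUEUE_CHILD and SHAPE_PARENT_4Mb and the rate of 4000000 bps are assumptions, while the class-map matches and the interface come from the thread.

```cisco
! Added example (not from the thread). Names QUEUE_CHILD and
! SHAPE_PARENT_4Mb are hypothetical; 4000000 bps is an assumed CIR.
!
! Classification: same matches as in post #16, plus the call
! control protocols suggested in post #17 in their own class.
class-map match-any VOICE
 match protocol rtp audio
class-map match-any VOICE_SIGNALLING
 match protocol sip
 match protocol h323
 match protocol skinny
class-map match-any HTTPS
 match protocol secure-http
!
! Child policy: queueing only. The percentages are taken from the
! shaped rate of the parent, not from the physical interface speed.
policy-map QUEUE_CHILD
 class VOICE
  priority percent 50
 class VOICE_SIGNALLING
  bandwidth percent 5
 class HTTPS
  bandwidth percent 25
 class class-default
  fair-queue
!
! Parent policy: shaping only. All traffic falls into class-default,
! is shaped to the circuit rate, and is then handed to the child
! policy for queueing within that rate.
policy-map SHAPE_PARENT_4Mb
 class class-default
  shape average 4000000
  service-policy QUEUE_CHILD
!
! Only the parent is attached to the interface, in the outbound
! direction.
interface gigabitEthernet 1/0
 service-policy output SHAPE_PARENT_4Mb
```

After applying it, `show policy-map interface gigabitEthernet 1/0` lists the parent shaper with the child classes nested beneath it, including per-class packet and drop counters.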


(AZM U) #20

In one word EXCELLENT !!!